If you find a possible security vulnerability, please email security@phlex.fun. Do not create an issue or pull request either demonstrating or fixing the vulnerability.
The Gem Foundation has kindly sponsored a $1 bug bounty to discover security vulnerabilities in Phlex.
If you wish to sponsor a bug bounty for Phlex, please get in touch with Joel at joel@drapper.me.