Responsible disclosure

Report vulnerabilities privately to contact@duellab.org in English. Include reproduction steps and potential impact. Please avoid accessing other people’s data, disrupting public services, or publishing exploit details before coordination.

Generated-code safety

DuelLab treats model-generated player code as untrusted. Benchmark operations use controlled build and execution paths with network, filesystem, process, time, CPU, and memory boundaries appropriate to the runner. Exact controls can vary by evaluation lane and are recorded operationally; this public summary intentionally omits exploit-sensitive configuration.

Deterministic game execution does not by itself make host scheduling, compiler behavior, or an unsafe generated program deterministic. Releases record methods and public evidence needed to state the supported reproducibility boundary.