| Version | Supported |
|---|---|
| 1.0.x (Sepolia) | Yes |
| < 1.0 | No |

Please do NOT open public GitHub issues for security vulnerabilities.
Email: jeremy@intentsolutions.io
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

| Timeline | Action |
|---|---|
| 48 hours | Acknowledgment of report |
| 7 days | Initial assessment |
| 30 days | Fix timeline communicated |
| 90 days | Public disclosure (coordinated) |

In scope:
- Smart contracts (`src/`)
- Deployment scripts (`script/`)
- SDK (`sdk/`)
- Subgraph (`subgraph/`)
Out of scope:
- Third-party dependencies (report upstream)
- Dashboard UI-only issues
- Already known issues in GitHub Issues
We will not pursue legal action against researchers who:
- Act in good faith
- Avoid privacy violations and data destruction
- Do not exploit vulnerabilities beyond proof-of-concept
- Report findings promptly and confidentially
No formal bug bounty program exists yet. Significant findings may be rewarded at maintainer discretion.
- Primary: jeremy@intentsolutions.io
- PGP: Available upon request