Caution
This software has NOT been audited by any independent security firm.
This library interacts with blockchain networks and processes real financial transactions. Bugs or vulnerabilities may result in irreversible loss of funds.
- No warranty. Provided "AS IS" without warranty of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, and non-infringement.
- Unaudited. The codebase has not undergone a formal security audit. Undiscovered vulnerabilities may exist despite extensive testing and strict linting.
- Use at your own risk. The authors and contributors accept no responsibility for financial losses, damages, or other liabilities arising from the use of this software.
- Testnet first. Always validate on testnets before deploying to mainnet.
- Key management. Users are solely responsible for the secure handling of private keys and signing credentials.
Only the latest version receives security updates.
If you believe you have found a security vulnerability in this repository,
please report it via GitHub Security Vulnerability Reporting
or via email to gitctrlx@gmail.com if that is more suitable for you.
Please do not report vulnerabilities through public channels such as GitHub issues, discussions, or pull requests, to avoid exposing the details of the issue before it has been properly addressed.
We do not run a bug bounty program or offer bounty rewards, but we will work with you to ensure that your findings get the appropriate handling.
When reporting a vulnerability, please include as much detail as possible to help us triage and resolve the issue efficiently. Information that is especially helpful includes:
- The type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
- Full paths of source file(s) related to the issue
- The location of the affected source code (e.g., tag, branch, commit, or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- The potential impact, including how the issue might be exploited by an attacker
Our vulnerability management team will respond within 3 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90-day disclosure timeline.
If you have any questions about reporting security issues, please contact our
vulnerability management team at gitctrlx@gmail.com.