| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability within the vesting-cliff-drip-stream smart contract, please send an email to security@example.com. All security vulnerabilities will be promptly addressed.
Please do NOT report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- A description of the vulnerability and its potential impact
- Detailed steps to reproduce the issue
- Any proof-of-concept code if applicable
- Your suggested fix (if any)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Initial Assessment: We will provide an initial assessment within 5 business days.
- Resolution: We aim to resolve critical vulnerabilities within 30 days of confirmation.
We currently do not offer a bug bounty program. However, we greatly appreciate responsible disclosure and will credit researchers who help improve the security of this project.
When using this smart contract:
- Audit your deployment: Always audit the contract code before deploying to mainnet
- Use testnet first: Test thoroughly on Stellar testnet before mainnet deployment
- Monitor transactions: Set up monitoring for unexpected contract interactions
- Keep dependencies updated: Regularly update all dependencies to their latest secure versions
- A security patch is developed and tested in a private fork
- The patch is reviewed by at least two maintainers
- A security advisory is prepared
- The patch is released and the advisory is published
- Users are notified through GitHub releases
For any security concerns, please contact:
- Email: security@example.com
- GitHub: Create a private security advisory at https://github.com/AlienScroll78/vesting-cliff-drip-stream/security/advisories/new