Skip to content

Latest commit

 

History

History
35 lines (22 loc) · 1.32 KB

File metadata and controls

35 lines (22 loc) · 1.32 KB

StellarForge Security Policy

Security is a top priority for the StellarForge project. As a Soroban-based smart contract library, we build, review, and maintain code with a focus on protecting user assets, preserving contract integrity, and enabling responsible disclosure.

Supported Versions

Version Status
1.0.x Supported
0.9.x Unsupported
0.8.x and earlier Unsupported

Reporting a Vulnerability

If you discover a security issue, do NOT open a public GitHub issue. Public posts can expose vulnerabilities and increase risk to users.

Please report privately via:

  • Email: [Your Email]
  • GitHub Private Vulnerability Reporting feature

Disclosure Process

  1. We will acknowledge receipt within 48 hours.
  2. We may request additional details or reproduce the issue.
  3. We will provide an estimated timeline for a fix.
  4. We coordinate disclosure to avoid exposing users before a safe patch is available.

Scope

This policy covers the core StellarForge smart contracts, including forge-oracle and other contracts in this repository (such as forge-governor, forge-multisig, forge-stream, forge-vesting), plus any shared libraries that directly affect contract security.


We value security researchers and appreciate responsible reporting to help us keep the ecosystem safe.