| Version | Supported |
|---|---|
| 0.x | ✅ Yes |
Do not open a public GitHub issue for security vulnerabilities.
Please email security@lumigift.com with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations
We will acknowledge your report within 48 hours and aim to release a fix within 14 days for critical issues.
In scope:
- Smart contract vulnerabilities (fund loss, unauthorized claims)
- Authentication bypass
- API injection or data exposure
- Dependency vulnerabilities with known exploits
Out of scope:
- Social engineering
- Denial of service via resource exhaustion
- Issues requiring physical access to a device