| Version | Supported |
|---|---|
| main | ✅ |

Please do not open a public GitHub issue for security vulnerabilities.
Report security issues by opening a private GitHub Security Advisory or emailing the maintainers directly.

Include:
- Description of the vulnerability and its potential impact
- Steps to reproduce or proof-of-concept
- Affected component (frontend / contracts / backend)

You will receive acknowledgement within 48 hours and a resolution timeline within 7 days.

Given KnowledgeFlow handles real financial transactions via Soroban smart contracts, the highest-priority security concerns are:
- Smart contract escrow logic (fund locking, release, refund)
- Wallet connection and transaction signing
- Session lifecycle state management
- Off-chain API authentication