| Version | Supported |
|---|---|
| V1 (Testnet) | ✅ Active development |
| Mainnet | Not yet deployed |
Please do not open a public GitHub issue for security vulnerabilities.
Email: security@learnvault.xyz (or hello@learnvault.xyz if no dedicated address yet)
Please include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected contract(s) or component(s)
- Your assessment of severity
- Acknowledgement within 48 hours
- Assessment within 7 days
- Fix timeline communicated within 14 days
- In scope: All Soroban smart contracts in
contracts/, the frontend at the deployed URL - Out of scope: Third-party dependencies (report to them directly), social engineering
Responsibly disclosed vulnerabilities will be credited in the project changelog.