| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability, please email:
Please do NOT open a public issue.
We'll respond within 48 hours and work with you to address the issue.
If you plan to use this code in production:
- Never commit private keys: load them from environment variables or a secrets manager
- Use hardware wallets: for any production wallet that holds real funds
- Implement rate limiting: prevent payment spam
- Add escrow logic: for trustless transactions
- Conduct a security audit: review every smart contract interaction
- Monitor transactions: set up alerts for unusual activity
- Implement access controls: whitelist/blacklist addresses
- Test thoroughly: on testnet, with realistic scenarios
- No built-in refund mechanism
- No dispute resolution
- No reputation system
- Single-signature transactions only
- No payment batching
These limitations are acceptable for a hackathon demo but should be addressed before production use.