The following versions of ProofOfHeart-stellar are currently receiving security updates:

We take security vulnerabilities seriously. If you discover a security issue in ProofOfHeart-stellar, please do not open a public GitHub issue.

Send a detailed report to:

Email: security@proofofheart.io

Please include the following in your report:

• A clear description of the vulnerability
• Steps to reproduce the issue
• The potential impact (e.g. fund loss, unauthorised access, overflow)
• Any proof-of-concept code or transaction examples if applicable

• Acknowledgement: We will acknowledge receipt of your report within 48 hours.
• Status updates: We will keep you informed of our progress and expected timeline.
• Resolution: We aim to resolve critical vulnerabilities within 7 days and non-critical issues within 30 days.
• Credit: With your permission, we will credit you in the release notes once the vulnerability is fixed.

This policy covers the on-chain Soroban smart contract (src/) and any official tooling in this repository. Frontend integrations or third-party services built on top of the contract are out of scope unless the vulnerability originates from the contract itself.

• Vulnerabilities in dependencies outside our control (e.g. soroban-sdk)
• Issues already publicly disclosed
• Theoretical attacks without a realistic exploit path

We follow a coordinated disclosure process. Please allow us reasonable time to investigate and patch the vulnerability before making any public disclosure.

Thank you for helping keep ProofOfHeart-stellar and its users safe.