| Version | Supported |
|---|---|
| 0.2.x-devnet | ✅ |
| < 0.2.0 | ❌ |
Do not open a public issue for security vulnerabilities.
Please report security issues by emailing security@casematelabs.com with:
- A description of the vulnerability
- Steps to reproduce (proof of concept if possible)
- Affected version(s)
- Any potential impact assessment
We will acknowledge your report within 48 hours and aim to provide a detailed response within 5 business days.
This policy applies to:
- Solana programs (
programs/vaultpact,programs/vaultpact-escrow) - SDK (
@holdfastprotocol/sdk) - Eliza plugin (
@holdfastprotocol/eliza-plugin) - Indexer, oracle, and keeper services
Holdfast Protocol is in devnet-only pre-release. No mainnet deployment exists. A formal security audit is planned before any mainnet release.