| Version | Supported |
|---|---|
| 0.4.x | Yes |
| 0.3.x | Security fixes only |
| < 0.3 | No |

If you discover a security vulnerability in NULLTX, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.

Send an email to security@nulltx.xyz with the following information:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:

- Acknowledgement: Within 48 hours of receipt
- Initial assessment: Within 5 business days
- Resolution target: Within 30 days for critical issues, 90 days for non-critical

What happens after you report:

- You will receive an acknowledgement email confirming receipt of your report.
- We will investigate and validate the vulnerability.
- We will work on a fix and coordinate disclosure with you.
- Credit will be given to reporters unless anonymity is requested.

This policy applies to the NULLTX on-chain program, CLI, and SDK. Vulnerabilities in third-party dependencies are out of scope, but reports about them will be forwarded to the relevant maintainers.