Security fixes are applied to:
main
Please do not disclose vulnerabilities publicly before triage.
Report security issues by email to security@smainer.io.
Include the following in your report:
| Field | Details |
|---|---|
| Affected component | backend, contracts, frontend, telegram, or desktop |
| Impact summary | Brief description of the potential impact |
| Reproduction steps | Step-by-step guide to reproduce |
| Proof-of-concept | Any PoC details (optional but helpful) |
We will acknowledge receipt as soon as possible and coordinate a responsible disclosure timeline.
- Never commit private keys, mnemonics, API secrets, or credentials.
- Use environment variables for secrets.
- Validate all blockchain transaction inputs and addresses.