Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in P&L, please report it responsibly.

Contact

Email: predictlaunchpump@gmail.com
Discord: P&L Security Channel

Guidelines

Please DO NOT:

Open a public GitHub issue for security vulnerabilities
Exploit the vulnerability on mainnet
Share details publicly before the issue is resolved

What to include in your report:

Description of the vulnerability
Steps to reproduce
Potential impact
Any suggested fixes (optional)

Response Timeline

Acknowledgment: Within 48 hours
Initial assessment: Within 7 days
Resolution timeline: Depends on severity, we'll keep you updated

Scope

The following are in scope for security reports:

Smart Contracts: P&L Solana program (plp_program/)
Web Application: Frontend and API routes
Backend Services: Blockchain sync, Socket.IO server

Out of Scope

Third-party services (pump.fun, Privy, Helius, Jupiter, Pinata)
Social engineering attacks
DoS/DDoS attacks
Issues already reported or known

Recognition

We appreciate security researchers who help keep P&L safe. Responsible disclosures may be acknowledged in our documentation (with your permission).

There aren't any published security advisories