| Version | Supported |
|---|---|
| 0.1.x | Yes |

Do not report security vulnerabilities through public GitHub issues.
Please email security@deegalabs.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You will receive a response within 48 hours. We will work with you to understand and address the issue before any public disclosure.
The following are in scope:
- @polisprotocol/core: schema validation, config parsing
- @polisprotocol/bff: authentication, authorization, API security
- @polisprotocol/contracts: smart contract vulnerabilities
- @polisprotocol/react: XSS, injection vectors
For vulnerabilities in deployed contracts on Base mainnet, please include the contract address and chain ID in your report. Critical contract vulnerabilities may qualify for a bug bounty (to be announced).