Currently, the latest release on the main branch is supported with security updates.
We take the security of ProofOfHeart seriously. If you discover a security vulnerability in the ProofOfHeart frontend or contract integration, please do not disclose it publicly. Instead, report it privately via our responsible disclosure process.
Please send an email to security@proofofheart.org (or the core maintainers' contact) to report any security vulnerabilities.
- Soroban contract integrations and transaction building
- Authentication, signature generation, and wallet integrations
- Malicious payload execution (XSS, Injection)
- Business logic bypasses
- We will acknowledge receipt of your vulnerability report within 48 hours.
- We will send you regular updates about our progress in addressing the issue.
- We ask that you maintain confidentiality until we have patched the vulnerability and published a fix.
Thank you for helping keep ProofOfHeart secure!