Security: keidev-sol/Openledger-Contract

Security Policy

Supported Versions

We actively support and provide security updates for the following versions:

Version Supported
1.0.x

Reporting a Vulnerability

We take the security of the OpenLedger smart contracts very seriously. If you discover a security vulnerability, please follow these steps:

1. Do NOT open a public issue

Please do not report security vulnerabilities through public GitHub issues.

2. Email us directly

Send an email to: security@openledger.xyz

Include the following information:

  • Type of vulnerability
  • Full details of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

3. Response timeline

  • We will acknowledge receipt of your report within 48 hours
  • We will provide a detailed response within 7 days
  • We will keep you informed of our progress toward a fix

4. Disclosure policy

  • We will work with you to understand and resolve the issue quickly
  • We will credit you for the discovery (if desired)
  • We will not disclose the vulnerability until a fix is available and deployed

Security Best Practices

For Developers

  • Always use the latest stable versions of dependencies
  • Review all code changes before deployment
  • Run comprehensive test suites before deploying
  • Use formal verification tools when possible
  • Follow the checks-effects-interactions pattern
  • Implement proper access controls
  • Use reentrancy guards where necessary

For Users

  • Verify contract addresses before interacting
  • Use official interfaces and frontends
  • Be cautious of phishing attempts
  • Keep your private keys secure
  • Use hardware wallets for large amounts
  • Review transaction details before signing

Security Audits

All contracts in this repository have been audited by professional security firms. Audit reports are available in the audit/ directory.

Completed Audits

  • OpenLedger OPEN Token - Final Report
  • OpenLedger WOPEN & GOPEN - Final Report

Bug Bounty Program

We operate a bug bounty program for responsible disclosure. Rewards are determined based on:

  • Severity of the vulnerability
  • Quality of the report
  • Impact on the protocol

Please contact security@openledger.xyz for more information.

Security Contact

Email: security@openledger.xyz

For non-security issues, please use GitHub Issues.
