| Version | Supported |
|---|---|
| 1.6.x | ✅ |
| 1.5.x | ✅ |
| < 1.5 | ❌ |
DO NOT open a public GitHub issue for security vulnerabilities.
If you find a vulnerability that could expose private keys, drain funds, or compromise wallet security:
- Email: khasbimln@gmail.com
- Twitter DM: @itseywacc
- PGP: Available on request
For non-critical security issues (dependency vulnerabilities, info disclosure, etc.):
- Open a private security advisory
- Or email khasbimln@gmail.com
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix/patch: Within 2 weeks for critical issues
We don't have a formal bug bounty program yet, but we acknowledge all security researchers in our changelog and README.
When using Web3 Agent Kit:
- Never commit private keys to version control
- Use environment variables for all secrets
- Enable the Spend Governor to limit transaction amounts
- Use the kill switch for emergency stops
- Audit smart contracts before interacting with them
- Test on testnets first before mainnet deployment