If you discover a security vulnerability in Evaxora, please report it responsibly.
Do NOT open a public issue for security vulnerabilities.
- Go to the Security Advisories page
- Click "New draft security advisory"
- Fill in the vulnerability details
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- 24 hours — Acknowledgment of report
- 72 hours — Initial assessment
- 7 days — Fix deployed or mitigation plan shared
- Contracts are deployed on Base Sepolia (testnet)
- No mainnet funds are at risk
- Contract source is verified on BaseScan
| In Scope | Out of Scope |
|---|---|
| Smart contract vulnerabilities | UI/UX bugs |
| Access control issues | Already reported issues |
| Fund-related logic flaws | Third-party dependencies |
| Private key exposure | Testnet-only issues |
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |