We currently support the following versions with security updates:

We take the security of FactorChain seriously. If you believe you have found a security vulnerability in any of our contracts, backend services, or frontend applications, please report it to us as soon as possible.

Please do not report security vulnerabilities via public GitHub issues.

Instead, please send an email to security@factorchain.app with the following information:

• A description of the vulnerability and its potential impact.
• Steps to reproduce the vulnerability (including proof-of-concept code if possible).
• Any details about the environment or configuration where the vulnerability was found.

We will acknowledge receipt of your report within 48 hours and provide a timeline for resolution. We ask that you follow responsible disclosure practices and give us time to address the issue before making any public announcements.

We are currently in the process of setting up a formal bug bounty program. In the meantime, we may provide rewards for significant security findings at our discretion.

The smart contracts in this repository are currently unaudited. We are planning a formal security audit in Q4 2025. Please use with caution on testnet and do not use with real funds on mainnet until an audit has been completed and publicly shared.