trustRent handles real money. Please do not open a public GitHub issue for security vulnerabilities.

Email: security@trustrent.xyz
PGP Key: docs/security/pgp-key.asc

We aim to acknowledge reports within 24 hours and patch critical issues within 72 hours.

• Smart contract logic (escrow, arbitration)
• API authentication and authorization
• Key handling and signing flows
• Dependency vulnerabilities

• Issues in testnet-only deployments with no real funds
• Social engineering attacks