We maintain the latest main and develop branches. Only the latest release is actively supported with security updates.

| Version | Supported |
|---|---|
| main | Yes (latest) |
| develop | |
| others | No |

If you discover a vulnerability in any part of the Elparadisogonzalo ecosystem:
- DO NOT open a public issue.
- Please report it privately and responsibly via email:
  - [email protected]
- Include:
  - Reproduction steps (if any)
  - Affected component (e.g., smart contract, API endpoint, frontend)
  - Severity level

We aim to respond within 48 hours.

- Smart contracts are verified and deployed with transparent ABIs.
- MetaMask integration uses secure Web3 injection only on user interaction.
- Wallet private keys are never exposed in code or logs.
- CI/CD pipelines include static code scanning and test coverage checks.
- IPFS content hashes (CIDs) are validated before domain updates.
- Domain ownership is verified through `openai-domain-verification`.

- Static analysis via `slither`, `mythx`, and `solhint`
- CI check using `hardhat test`, `solc`, and `dependabot.yml`
- Linting: ESLint + Prettier for JS/TS; Solidity formatting via `prettier-plugin-solidity`
- GitHub Actions run automated test & build checks on PRs
- OpenZeppelin libraries are used for trusted smart contract patterns

- Acknowledge report (within 48h)
- Investigate and reproduce
- Patch vulnerability
- Publish CVE advisory or changelog note
- Credit researcher (if desired)
We appreciate ethical hackers and researchers who help secure the Elparadisogonzalo ecosystem.