We actively support the following versions with security updates:

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

1. Do NOT open a public GitHub issue
2. Email security details to: security@lachancelab.com
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• ✅ All contracts are audited before deployment
• ✅ Use established patterns (OpenZeppelin, Anchor)
• ✅ Comprehensive test coverage
• ✅ Formal verification where applicable

• ✅ Use only audited VRF providers (Chainlink, ORAO)
• ✅ Verify randomness on-chain
• ✅ Implement replay attack protection
• ✅ Use commit-reveal schemes for critical operations

• ✅ Multi-signature wallets for treasury
• ✅ Role-based access control
• ✅ Time-locks for critical operations
• ✅ Emergency pause mechanisms

This project has undergone security audits by:

• [Audit Firm Name] - [Date]
• [Audit Report Link]

We follow responsible disclosure practices:

• Reporters will be credited (if desired)
• We will work with you to fix the issue
• Public disclosure after fix is deployed
• Bounty program available for critical vulnerabilities

None at this time. All known vulnerabilities have been patched.

Subscribe to security advisories:

• GitHub Security Advisories: [Enable notifications]
• Email: security@lachancelab.com

Last Updated: 2025-01-XX