If you discover a security vulnerability within GuildNet, please send an email to the maintainers. All security vulnerabilities will be promptly addressed.
Please do NOT report security vulnerabilities through public GitHub issues.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
- All smart contracts are deployed on Casper Testnet (not mainnet)
- Private keys should never be committed to version control
- Contract package hashes are publicly verifiable on the Casper Testnet explorer
- Environment variables containing API keys and private keys must be stored securely
- The backend uses CSPR.cloud for blockchain RPC access - tokens should be rotated regularly
- Venice AI API keys must be kept confidential
- CSPR.click wallet integration handles key management client-side
- No private keys are stored in the frontend
- Never commit secrets - Use
.envfiles and ensure they are in.gitignore - Rotate keys regularly - Especially CSPR.cloud and Venice AI tokens
- Use testnet only - All deployments are on Casper Testnet for hackathon purposes
- Verify contract hashes - Always verify deployed contract hashes match expected values