We take the security of Quantara seriously. If you discover a security vulnerability, please report it responsibly.
Do not report security vulnerabilities through public GitHub issues.
Instead, please email us at: security@quantara.protocol
You should receive a response within 48 hours. If you do not receive a response, please follow up to ensure we received your report.

We aim to:
- Acknowledge receipt of vulnerability reports within 48 hours
- Provide an initial assessment within 5 business days
- Release a fix within 90 days of confirmation (depending on severity)

This security policy covers:
- The Quantara smart contracts (Soroban)
- The backend API (FastAPI)
- The frontend application (React)
- The build and deployment pipeline

| Version | Supported |
|---|---|
| Latest | ✅ |

We request that you:
- Give us reasonable time to fix the issue before public disclosure
- Make a good faith effort to avoid privacy violations and data destruction
- Do not exploit the vulnerability beyond what is necessary to demonstrate the issue