We take the security of our Solana program seriously. If you believe you have found a security vulnerability, please report it to us through GitHub's private vulnerability reporting feature.

Please DO NOT report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Insetead, use GitHub's private security advisory system or email security@onswig.com.

We will acknowledge receipt of your vulnerability report within 48 hours and strive to provide regular updates about our progress. We aim to resolve critical issues within 30 days of disclosure.

This security policy applies to:

• The Solana program deployed on mainnet
• Associated client libraries and SDKs
• Smart contract code in this repository

We support safe harbor for security researchers who:

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
• Only interact with accounts you own or with explicit permission of the account holder
• Do not exploit a security issue you discover for any reason

We maintain a hall of fame for security researchers who have responsibly disclosed vulnerabilities. With your permission, we will publicly acknowledge your contribution after the issue is resolved.