Security Policy

Supported Versions

Version

Supported

Makalu Testnet (current)

Yes

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in the Lithosphere protocol, explorer, APIs, or any associated infrastructure, please report it responsibly.

How to Report

Email: [email protected]
Subject line: [SECURITY] <brief description>
Include: Steps to reproduce, affected components, potential impact, and any suggested fixes

What to Expect

Acknowledgment: We will acknowledge receipt of your report within 48 hours.
Assessment: Our team will assess the severity and impact within 5 business days.
Resolution: We will work on a fix and coordinate disclosure with you.
Credit: With your permission, we will credit you in the security advisory.

Scope

The following are in scope for responsible disclosure:

Lithosphere node software (lithod)
Explorer and block explorer APIs (makalu.litho.ai)
Public RPC endpoints (rpc.litho.ai, api.litho.ai)
Smart contract standards (LEP100)
SDKs and developer tools

Out of Scope

Denial-of-service attacks against production infrastructure
Social engineering of team members
Third-party services not operated by Lithosphere

Disclosure Policy

Do not publicly disclose the vulnerability before we have had a chance to address it.
Do not exploit the vulnerability beyond what is necessary to demonstrate it.
Do not access or modify data belonging to other users.

Security Audits

Lithosphere is actively pursuing third-party security audits. Completed audit reports will be published here with scope statements and remediation status as they become available.

PreviousLithosphere Next_sidebar

Last updated 5 hours ago

hashtagSupported Versions

hashtagReporting a Vulnerability

hashtagHow to Report

hashtagWhat to Expect

hashtagScope

hashtagOut of Scope

hashtagDisclosure Policy

hashtagSecurity Audits