# Security Policy ## Supported Versions | Version | Supported | | ------------------------ | --------- | | Makalu Testnet (current) | Yes | ## Reporting a Vulnerability We take security seriously. If you discover a security vulnerability in the Lithosphere protocol, explorer, APIs, or any associated infrastructure, please report it responsibly. ### How to Report * **Email**: * **Subject line**: `[SECURITY] ` * **Include**: Steps to reproduce, affected components, potential impact, and any suggested fixes ### What to Expect 1. **Acknowledgment**: We will acknowledge receipt of your report within 48 hours. 2. **Assessment**: Our team will assess the severity and impact within 5 business days. 3. **Resolution**: We will work on a fix and coordinate disclosure with you. 4. **Credit**: With your permission, we will credit you in the security advisory. ### Scope The following are in scope for responsible disclosure: * Lithosphere node software (`lithod`) * Explorer and block explorer APIs (`makalu.litho.ai`) * Public RPC endpoints (`rpc.litho.ai`, `api.litho.ai`) * Smart contract standards (LEP100) * SDKs and developer tools ### Out of Scope * Denial-of-service attacks against production infrastructure * Social engineering of team members * Third-party services not operated by Lithosphere ### Disclosure Policy * Do not publicly disclose the vulnerability before we have had a chance to address it. * Do not exploit the vulnerability beyond what is necessary to demonstrate it. * Do not access or modify data belonging to other users. ## Security Audits Lithosphere is actively pursuing third-party security audits. Completed audit reports will be published here with scope statements and remediation status as they become available. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://whitepaper.litho.ai/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.