# VPAY Genesis · ecoventafrica.com
# RFC 9116 security disclosure policy
# Last updated: 2026-05-17

Contact: mailto:Ano@ecoventafrica.com
Expires: 2027-05-17T00:00:00.000Z
Preferred-Languages: en
Canonical: https://ecoventafrica.com/.well-known/security.txt
Policy: https://ecoventafrica.com/compliance.html

# Responsible disclosure
#
# We welcome security research from the community. If you believe you have
# discovered a vulnerability affecting ecoventafrica.com, our on-chain
# contracts on Polygon Mainnet, or any VPAY Genesis infrastructure, please
# reach out via the Contact address above with:
#
#   - A clear description of the issue
#   - Steps to reproduce
#   - Any proof-of-concept (please do not publish before coordinated disclosure)
#
# We will acknowledge receipt within 72 hours and provide a remediation
# timeline within 7 business days. Researchers acting in good faith and
# following coordinated disclosure will be credited in our security
# acknowledgements (with permission) and will not face legal action.
#
# On-chain contracts under scope:
#   SovereignToken     0x5833ABF0Ecfe61e85682F3720BA4d636084e0eC0
#   AttestationBridge  0x0ba2c622a2571c449fed251b165096f48adb8b0a
#   KommitBridge v1.2  0x6b986ef2efdb5852f1daa51e450e3eca86b1590e
#   MasieBridge v1.0   0x358c50c1dae9ad41d0070a3767221f3c191b22f6
#   Safe (admin)       0xFc93b70fAa2045e19CEae43d1b645b2137c68A67