QuantumHarmony is an experimental research testnet implementing post-quantum cryptographic primitives. It is not production-ready and has not been audited.

If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public GitHub issue for security vulnerabilities
2. Email security concerns to: security@quantumverseprotocols.com
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact assessment
   • Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution Timeline: Varies by severity

• SPHINCS+ signature implementation
• Consensus mechanism vulnerabilities
• Key management in pallet-sphincs-keystore
• Runtime security issues
• Cryptographic primitive misuse

• Known limitations documented in README
• Issues in upstream dependencies (report to respective projects)
• Denial of service on testnet (expected for research network)
• Social engineering attacks

This is a research testnet. Known security considerations:

1. No Security Audit: Code has not been professionally audited
2. Experimental Cryptography: Post-quantum primitives are implemented for research
3. Test Keys in Repository: Development keys exist in tools/ - these are NOT production keys
4. No Economic Security: Testnet tokens have no value; do not use for real assets

The repository contains development/test keys in:

• tools/runtime-upgrade/src/main.rs - Test account keys for local development
• Various test files

These keys are for development only and must never be used in any production context.

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities (with permission).