# Security Policy

## Supported versions

Only the **latest deployed contracts and frontend** are supported.
Old/test deployments may be paused or abandoned.

## Reporting a vulnerability

If you believe you have found a security issue in:

- a smart contract,
- the frontend (web site / dApp),
- infrastructure related to IBITIcoin,

please report it **privately** via:

- Email:  
- or, if email fails: `info@ibiticoin.com`

### Please include

- Which component is affected (contract name, function, URL).
- Detailed description and, if possible, a proof-of-concept.
- Network (BSC mainnet / testnet / local).

We kindly ask you **not to** open public GitHub Issues or post details
in public chats before we have time to analyse and fix the problem.

## Response process

1. We will acknowledge your report as soon as reasonably possible.
2. We will investigate and, if confirmed, prepare a fix or mitigation.
3. For on-chain critical issues we may:
   - pause affected contracts (if supported),
   - disable parts of the frontend,
   - publish a public incident report after mitigation.

## Rewards

At this stage there is **no formal bug bounty program**.  
However, we appreciate responsible disclosure and may offer
non-binding rewards (IBITI, NFTs, public credit) at our discretion.

## Legal

- Do not exploit vulnerabilities beyond what is necessary to prove them.
- Do not access, copy or modify user data.
- Do not perform denial-of-service attacks in production.