Do not open a public GitHub issue for security vulnerabilities.

Please email nemesistip@gmail.com with:

• A clear description of the vulnerability
• Steps to reproduce (proof-of-concept if possible)
• Affected component (backend, smart contract, frontend, etc.)
• Potential impact assessment

We will acknowledge receipt within 48 hours and aim to release a fix within 7 days for critical issues.

• vit-network — FastAPI backend, authentication, wallet
• vit-contracts — Smart contracts on Base L2
• vit-sdk — TypeScript SDK
• VITCoin token contract

• Third-party APIs (Football-Data.org, The Odds API)
• Issues in dependencies already reported upstream