# SolGun Security Policy
# https://solgun.gg/.well-known/security.txt
#
# This file follows RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116).
# If you discover a security vulnerability in SolGun (the website,
# the matchmaking server, or the on-chain escrow program), please
# report it through one of the contacts below. We will acknowledge
# receipt within 72 hours.

Contact: mailto:security@solgun.gg
Contact: https://x.com/SolgunGG
Expires: 2027-04-22T00:00:00.000Z
Preferred-Languages: en, es
Canonical: https://solgun.gg/.well-known/security.txt
Policy: https://solgun.gg/security-policy

# Scope
# In scope:
#   - https://solgun.gg and all subdomains
#   - The SolGun matchmaking WebSocket server
#   - The on-chain escrow program (Solana mainnet-beta):
#       Program ID: 6ikt9m5HucYgej3yGDrzti5zjJnRr5k91VqGkjYQqtRF
#
# Out of scope:
#   - Third-party wallets (Phantom, Solflare, etc.)
#   - Solana RPC providers
#   - Volumetric DDoS, rate-limit bypass without security impact,
#     and reports generated solely by automated scanners

# Disclosure
# Please give us 90 days from the date of report to remediate before
# any public disclosure. Coordinated disclosure is appreciated.