If you discover a security vulnerability in AfriDollar, please report it to us responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please send an email to our security team at:

• Email: security@afridollar.com

Please include the following information in your report:

• A description of the vulnerability
• Steps to reproduce the vulnerability
• Potential impact of the vulnerability
• Any suggested mitigation or fix (if available)
• Your contact information for follow-up

We will acknowledge receipt of your vulnerability report within 48 hours and provide a detailed response within 7 days indicating the next steps in handling your report.

While we work to resolve the vulnerability, please:

• Do NOT exploit the vulnerability in any way
• Do NOT disclose the vulnerability publicly until we have addressed it
• Do NOT use the vulnerability to access data that is not yours

AfriDollar implements several security measures:

• All API communications are encrypted using TLS 1.2+
• Sensitive data is encrypted at rest
• Wallet private keys are encrypted using industry-standard encryption

• Multi-factor authentication support
• Role-based access control (RBAC)
• JWT-based authentication with short-lived tokens

• KYC/AML verification procedures
• FATF-aligned controls
• Transaction monitoring
• Asset authorization controls
• Clawback functionality where required

• Comprehensive audit logging
• Real-time transaction monitoring
• Infrastructure monitoring
• Automated security scanning

When contributing to AfriDollar, please follow these security guidelines:

• All code changes must go through pull request review
• Security-sensitive changes require approval from at least two maintainers
• Never commit secrets, API keys, or sensitive data

• Regularly update dependencies to address security vulnerabilities
• Run npm audit before committing changes
• Report any security issues in dependencies

• Write security tests for authentication and authorization
• Test for common vulnerabilities (SQL injection, XSS, etc.)
• Use environment variables for configuration, never hardcode secrets

• Never expose private keys in code or logs
• Use Stellar's built-in security features (multisig, authorization flags)
• Validate all Stellar transactions before submission
• Implement proper error handling for network operations

• Stellar Security Best Practices
• OWASP Top 10
• Node.js Security Best Practices

We will announce security updates through:

• GitHub Security Advisories
• Release notes
• Official communication channels

By reporting a security vulnerability, you agree that your report will be used to improve the security of AfriDollar and that we may disclose the vulnerability after it has been fixed.

Thank you for helping keep AfriDollar secure! 🔒