At ModeSpray, we take security seriously and are committed to protecting our users. We appreciate responsible security researchers who help us identify and fix vulnerabilities in a responsible manner.

If you believe you have found a security vulnerability in ModeSpray, we encourage you to report it as soon as possible.

• How to report: Please create a GitHub Issue in our repository: GitHub repo link.
• What to include in your report:
  • A clear explanation of the vulnerability.
  • Steps to reproduce the issue.
  • Any potential security impact.
  • Any suggested fixes, if applicable.

🚨 Only issues that allow unauthorized token extraction or transaction execution without user consent are considered critical. ModeSpray is a community-driven project, and all users are responsible for their own security.

• Act in good faith and responsibly.
• Do not exploit, leak, or use the vulnerability for malicious purposes.
• Do not conduct attacks that could harm users, including DoS, social engineering, or phishing.
• Do not demand payment, blackmail, or threaten legal action.

• We will acknowledge the report within 48 hours.
• We will investigate the issue and, if valid, work on a fix.
• We will credit the researcher (if they wish) after the fix is deployed.

At this time, ModeSpray does not have a bug bounty program. While we appreciate responsible reports, we do not offer financial rewards.

• Unauthorized access, modification, or disruption of services may be illegal.
• We do not tolerate extortion, threats, or blackmail related to security reports.
• Any unethical behavior will be reported to the appropriate authorities.

Thank you for helping keep ModeSpray safe for the community! 🙌