Skip to content

Security: squidcode/onsight-api

Security

SECURITY.md

Security Policy

Onsight moves real money (USDC escrow on Base) and authenticates owner actions with wallet signatures. If you find a vulnerability in the payment flow, escrow, refund, or signature-auth logic, we want to hear from you.

Reporting

Do not open a public issue for security vulnerabilities.

Please include enough to reproduce: the request, the response, and (for payment/settlement issues) the on-chain txHash — which is public and safe to share. Do not include private keys or signatures from a real funded wallet.

We'll acknowledge within a few business days and keep you posted on the fix. Please give us a reasonable window to patch before any public disclosure.

There aren't any published security advisories