Please report security issues privately to contact@satoshidata.ai.
Do not open a public issue for suspected vulnerabilities involving:
- Campaign Key handling
- wallet proof verification
- payment or anchor flows
- file upload handling
- admin-token protected routes
- deployment configuration
Fund Registry makes a narrow trust claim: a registry page is canonical within a given deployment, and paid proof states indicate that the listed Bitcoin wallet participated in the proof flow. It does not verify identity, campaign truth, or donor safety.