VOOI is a non-custodial platform. We take the security of our software, APIs, and smart contracts seriously.
Do not open a public issue for security vulnerabilities.
Report privately through one of these channels:
- Telegram: @vooi_support_bot
- GitHub: use private vulnerability reporting on the affected repository
Please include:
- A description of the vulnerability and its impact
- Steps to reproduce (proof of concept if possible)
- Affected component, repository, or endpoint
We aim to acknowledge reports within 72 hours and will keep you updated on remediation progress. Please give us a reasonable window to fix the issue before any public disclosure.
If you believe a VOOI API token has been exposed, revoke it immediately at ultra.vooi.io/api-tokens and generate a new one. Never commit tokens to git or share them in chats, issues, or screenshots.