Security at Fyxvo is described in terms of the live product boundary rather than marketing language. The control plane, relay gateway, wallet auth flow, on-chain program, webhook delivery, and public web surfaces are all part of the system users rely on today.
The live scope includes the Anchor program, project activation path, funding instructions, treasury accounting, and authority configuration that govern how devnet balances are managed.
The live scope also includes wallet authentication, JWT session handling, project authorization, API key issuance, scope enforcement, rate limiting, webhook delivery, and relay routing at api.fyxvo.com and rpc.fyxvo.com.
The web app is part of the real security boundary. Browser-side issues such as XSS, CSRF, broken auth transitions, and client-side exposure of protected actions are all treated as meaningful reportable findings.
Fyxvo is live on devnet private alpha. That means the product is operating for real users, but it is not presented as a public paid mainnet service and does not claim the risk profile of a finalized production rollout.
Do not file public issues for vulnerabilities. Send the issue description, reproduction steps, impact, and any mitigation ideas to security@fyxvo.com. The working target is acknowledgment within 48 hours, critical remediation inside 7 days when feasible, and a coordinated write-up only after the risk has been addressed.