Security policy, vulnerability disclosure, and bug bounty for Quantova, the post-quantum Layer 1 for institutional settlement — how to report, what's in scope, and how disclosure is coordinated.

Official Rust client for Quantova, the post-quantum Layer-1 — built by Quantova alongside qweb3.js and qweb3.py. Connect, derive Q addresses, use the QVM and QNS, and sign with post-quantum keys. Quantova's own implementation, not a fork or copy.

Quantova's post-quantum security contribution to the Polkadot SDK: a NIST post-quantum signature layer (Dilithium, Falcon, SPHINCS+) and SHA3-256 brought to the Substrate/FRAME tech stack. Reference repository showing the work — to build on Quantova, use the qweb3.js and qweb3.py client libraries.

Read-only security & conformance tests for the Quantova bridge. Verifies structure and on-chain protections (light client, replay nonces, threshold, finality, governance) via node + REST. No keys, no signing, no fund movement.

A browser portal into the Quantova network — explorer, accounts, signing, staking, and governance — adapted from the Polkadot-JS apps portal and made post-quantum end to end. Connects to any Quantova node over the q_ JSON-RPC API.

Verification labs for Quantova consensus over the q_ JSON-RPC API — post-quantum signature checks, no-ecrecover, deterministic no-VRF slot leadership, and SHA3-256. Evidence the node behaves as specified; not a substitute for audit.

Public REST API for the Quantova network — read on-chain state, submit signed transactions, estimate fees, and bridge assets over HTTP. A single zero-dependency gateway in front of a live Quantova node.

Practical, rigorous checklists for building, securing, and shipping applications and infrastructure on Quantova, the post-quantum Layer 1 for institutional settlement — written to be copied straight into a pull request, launch ticket, or audit scope.

QMask is the native Quantova wallet — a browser extension for Chrome, Firefox, and Brave that creates quantum-resistant Quantova accounts and signs transactions with post-quantum keys (Dilithium, Falcon, SPHINCS+). It injects a post-quantum signer so any compatible dapp can request signatures from your accounts.

Formal specifications for Quantova's consensus — a post-quantum NPoS Layer 1 that separates block production from finality and removes quantum-vulnerable randomness.

Free TQTOV for the Quantova testnet via Qtox.io — claim guide, testnet setup, and a reference faucet service + UI. Get a quantum-resistant address in QMask, paste it, receive TQTOV.

Post-quantum client library for the Quantova network — query state, subscribe, and sign/submit transactions with Dilithium, Falcon & SPHINCS+ keys, via fully-typed Promise and RxJS APIs.

Curated index of post-quantum cryptography libraries and quantum-resistant blockchain projects, maintained for the Quantova ecosystem.

Developer documentation and tutorials for Quantova, the post-quantum Layer 1 for institutional settlement — the Markdown/MDX content that powers the docs on the Quantova website.

Quantova's post-quantum interoperability layer — verifiable, proof-based bridges to Ethereum, BSC, and Tron. Cross-chain transfers settle against cryptographically proven finalized state, with Quantova-side verification secured by Falcon, Dilithium, and SPHINCS+.

Quantova's public security archive — advisories (QSA), incident reports (QIR), and post-mortems (QPM), published after a fix is live. To report a vulnerability, use the bug bounty channels, not this repo.

Quantova governance spec — referendum classes, participation bonds, vote lock-ups, post-quantum signing, and a read-only security check for auditors.

Runnable Quantova examples in qweb3.js and qweb3.py — transfer, QVM contract call, QNS resolution, and a post-quantum governance vote. Runs against a local node or the testnet.

The Quantova Grants Program, funding for open-source software and research that strengthens the post-quantum Layer-1 ecosystem. Apply by opening a pull request with the application template, or through quantova.org/grants. Grants are non-dilutive and paid in QTOV against delivered milestones.

Genesis, raw chain specs, bootnodes, and public RPC endpoints for Quantova mainnet and testnet — plus the full specification of a post-quantum Layer-1: NIST signatures (Dilithium, Falcon, SPHINCS+), SHA3-256, deterministic ~2.5s blocks / ~3s finality, and a constant 20-byte address model.