At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin.

Keeping our user's assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.

We provide a desktop cryptocurrency wallet called Stacks Wallet so our developers, users, and investors alike can manage their STX tokens. We need your help securing over $1 billion in market capitalization through the protection of this product.

If you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.

Important note: Hackerone bounties are not available for other products or libraries provided by Hiro PBC at this time.

Thanks for being a part of the Stacks community.

Rewards

| Severity | Reward |

| ---------------------- | ------ |

| Low severity bugs | $50+ |

| Medium severity bugs | $150+ |

| High severity bugs | $300+ |

| Critical severity bugs | $600+ |

In general, we strive to reward a bounty after triage.

Scope

• Stacks Wallet for desktop (macOS, Windows, or Linux) Github repository

• Stacks Wallet for the web (Chrome, Brave, or FireFox) Github repository

• Stacks Explorer Github repository

Out of scope

Anything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.

For blockchain related issues, please report them here:

• Stacks Blockchain program

Disclosure Policy

• Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.

• Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions

While researching, we'd like to ask you to refrain from:

• Denial of service

• Spamming

• Social engineering (including phishing) of Hiro PBC staff or contractors

• Any physical attempts against Hiro PBC property or data centers

Thank you for helping keep Hiro and our users safe!