Blockstack is building a new decentralized internet where users own their data and apps run without remote servers.
We're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.
That said, we can't get there without the dedicated work of skilled security researchers like yourself.
We want your help and together we can make the internet safer and more free.
If you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.
Thanks for being a part of the Blockstack community.
Severity | Reward
Very low severity bugs | $25+
Low severity bugs | $50+
Medium severity bugs | $150+
High severity bugs | $300+
Critical severity bugs | $600+
In general, we strive to reward a bounty after triage.
Blockstack Core - the blockstack_registrar folder is deprecated code and is out of review scope.
Blockstack Browser - the Blockstack browser uses a client-side authentication scheme. This means that user sessions are not related across multiple devices, and "signing out" of one device will not affect others. Reports related to this behavior will not be accepted.
Supporting Python libraries:
The main Blockstack website:
While researching, we'd like to ask you to refrain from:
Thank you for helping keep Blockstack and our users safe!
The public Blockstack program on the HackerOne platform was updated on 2019-12-10. The lowest reward is $25.