submit bug report: https://hiro.soOut of scope
The following items are considered out of scope for the Hiro bug bounty program:
Stacks Blockchain: For issues related to the Stacks blockchain, please report them through the Stacks Blockchain Bounty Program.
Ordinals Protocol: The Hiro bug bounty program does not cover reports related to the Ordinals protocol.
Bitcoin: Reports related to the Bitcoin blockchain are also out of scope for the Hiro bug bounty program.
Disclosure Policy
We kindly request that you adhere to the following guidelines when participating in our program:
Upon discovering a potential security issue, please notify us as soon as possible, and after the investigation and thorough evaluation, we will make every effort to resolve the issue promptly.
Please provide us with a reasonable amount of time to investigate and address the issue before disclosing it to the public or any third party. Our team is available Monday to Friday and will make a best effort to meet the following SLAs for hackers participating in our program:
First Response: 2 business days
Time to Triage: 7 business days
Time to Resolution: will depend on severity and complexity
Make a good faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services. Only interact with accounts you own or with explicit permission from the account holder.
We request that you refrain from engaging in activities such as:
Denial of service attacks
Spamming
Social engineering (including phishing) targeting Hiro PBC staff or contractors
or any physical attempts against Hiro PBC property or data centers.
Thank you for your valuable contributions to maintaining the security of Hiro and our users. We greatly appreciate your efforts in helping us create a safe and reliable Stacks ecosystem.
