Security: stacks-sbtc/sbtc

SECURITY.md

sBTC Security Policy

The release process describes sBTC's approach to security (4-eyes, decentralization, no single point of failure, chain-of-trust from code to artifacts, attestations).

Reporting a vulnerability

Please do not file a public issue or PR mentioning the vulnerability.

If you have identified a vulnerability, please:

  1. E-mail us your findings at [email protected].
  2. Encrypt your findings using our PGP key, provided below.

Name: [email protected]
Fingerprint: DFD9 33A6 C455 0ED4 C046 7133 F78A DC4F 9F65 58DD

ImmuneFi

The Stacks Foundation has partnered with ImmuneFi to reward honest researchers who find and responsibly disclose security vulnerabilities in our critical code. Bounties are payable in the Stacks token (STX) for accepted, high-quality submissions.

Learn more here: https://bounty.stacks.org.

Stacks Security Policy

Please visit https://stacks.org/security for the most up-to-date information on Stacks' security policy.
