Leather Wallet
External Program
Submit bugs directly to this organization
Leather Wallet
External Program
Submit bugs directly to this organization
Leather is a Bitcoin wallet with one mission: to drive the global transition to a digital economy built on Bitcoin.
At our company, we truly understand the importance of keeping our products secure and reliable for our valuable customers. We are thankful for the diligent work done by external security researchers who have helped us improve the safety of the Bitcoin Layers ecosystem. Their contributions are priceless, and we are committed to making our products' safety and security our top priority.
If you have encountered a bug or vulnerability in our products, we strongly urge you to report it to us. We will collaborate with you closely to swiftly investigate and fix the issue.
The following Leather products and repositories are in scope for the bug bounty program:
The following items are considered out of scope for the Leather bug bounty program:
We kindly request that you adhere to the following guidelines when participating in our program:
Upon discovering a potential security issue, please notify us as soon as possible, and after the investigation and thorough evaluation, we will make every effort to resolve the issue promptly.
Please provide us with a reasonable amount of time to investigate and address the issue before disclosing it to the public or any third party. Our team is available Monday to Friday and will make a best effort to meet the following SLAs for hackers participating in our program:
Make a good faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services. Only interact with accounts you own or with explicit permission from the account holder.
We request that you refrain from engaging in activities such as:
We reserve the right to modify the Bug Bounty Program or cancel the Bug Bounty Program at any time.
Gold Standard Safe Harbor supports the protection of organizations and hackers engaged in Good Faith Security Research. “Good Faith Security Research” is accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.
We consider Good Faith Security Research conducted with a good faith effort to comply with our program policy to be authorized activity that is protected from adversarial legal action by us. We waive any relevant restriction in our Terms of Service (“TOS”) and/or Acceptable Use Policies (“AUP”) that conflicts with the standard for Good Faith Security Research outlined here.
This means that for Good Faith Security Research conducted with a good faith effort to comply with our program policy and while this program is active, we:
You should contact us for clarification before engaging in conduct that you think may be inconsistent with Good Faith Security Research or unaddressed by our policy. Keep in mind that we are not able to authorize security research on third-party infrastructure, and a third party is not bound by this safe harbor statement.
Thank you for your valuable contributions to maintaining the security of Leather Wallet and our users. We greatly appreciate your efforts in helping us create safe and reliable products for the Bitcoin ecosystem.