Circle BBP icon Circle BBP HackerOne

Target Policy
https://hackerone.com/circle-bbp?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • checkout.circle.com
    URL
    critical
  • api.circle.com
    URL
    critical
  • https://github.com/circlefin/evm-cctp-contracts
    SMART_CONTRACT
    critical
  • https://snowtrace.io/token/0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/stablecoin-sui
    SOURCE_CODE
    critical
  • https://tronscan.org/#/token20/TEkxiTehnzSmSe2XqrBj4w32RUN966rdz8
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/sui-cctp
    SOURCE_CODE
    critical
  • https://stellar.expert/explorer/public/asset/USDC-GA5ZSEJYB37JRC5AVCIA5MOP4RHTM335X2KGX3IHOJAPP5RE34K4KZVN
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/stablecoin-evm
    SMART_CONTRACT
    critical
  • com.cybavo.auth

    CYBAVO Authenticator

    GOOGLE_PLAY_APP_ID
    critical
  • 1422565459

    CYBAVO Authenticator

    APPLE_STORE_APP_ID
    critical
  • https://flowscan.org/contract/A.b19436aae4d94622.FiatToken
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/evm-gateway-contracts
    SMART_CONTRACT
    critical
  • https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
    SMART_CONTRACT
    critical
  • https://app.dragonglass.me/hedera/tokens/0.0.456858
    SMART_CONTRACT
    critical
  • https://etherscan.io/token/0x1aBaEA1f7C830bD89Acc67eC4af516284b1bC33c
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/noble-fiattokenfactory
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/buidl-wallet-contracts
    SMART_CONTRACT
    critical
  • https://algoexplorer.io/asset/31566704
    SMART_CONTRACT
    critical
  • http://github.com/circlefin/noble-cctp
    SMART_CONTRACT
    critical
  • https://solscan.io/token/EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v
    SMART_CONTRACT
    critical
  • app.circle.com
    URL
    critical
  • https://github.com/circlefin/stablecoin-aptos
    SOURCE_CODE
    critical
  • console.circle.com

    Only the web2 portion of console.circle.com is in scope. Anything smart contract/smart contract platform or otherwise web3 related is not in scope.

    Researchers should make it clear they're HackerOne researchers in their username and email domain, and must be using testnet.

    URL
    critical
  • https://github.com/circlefin/evm-cctp-contracts
    SMART_CONTRACT
    critical
  • https://github.com/circlefin/solana-cctp-contracts
    SMART_CONTRACT
    critical
  • http://github.com/circlefin/noble-cctp
    SMART_CONTRACT
    critical
  • api.circle.com

    Testing should be done on api-sandbox.circle.com.

    URL
    critical
  • app.circle.com

    Testing should be done on app-sandbox.circle.com.

    URL
    critical
Target Scope Domains
  • api.circle.com
  • app.circle.com
  • checkout.circle.com
  • console.circle.com
Tech Stack
  • Cloudflare
  • Hsts
  • Next.Js
  • Node.Js
  • React
  • Webpack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 week, 4 days ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 18.08 Minutes
  • Finished: 1 week, 4 days ago