Security

Frostsnap is designed from first principles to protect bitcoin against a wide range of attacks. Our threat model has been refined over years of research, our source code is public, and we welcome scrutiny from the security community. If you believe you've discovered a vulnerability affecting Frostsnap devices, software, or infrastructure, please report it to security - at - frostsnap.com.

Please encrypt sensitive matters: pgp.txt

PGP Fingerprint: 
F19C CCCD 876B 6E57 FB71  2206 A9D5 981F 42B0 EA50

Devices & Firmware

The devices are the ultimate line of defense in our threat model and where the bulk of our engineering effort goes. The following classes of attack are central to the design, and we want to hear about anything that could weaken our defenses against them:

  • Key share extraction or injection
  • Bypassing user transaction confirmation
  • Arbitrary code execution without firmware warning
  • Defeating device encryption
  • Physical and supply chain attacks

Coordinator App

Frostsnap is built on the assumption that the host computer can be compromised, which is why every security-critical action is confirmed on the device displays. Coordinator issues still matter to us:

  • Modification of data sent to or received from devices
  • Third-party library and supply chain vulnerabilities
  • Cross-site scripting with clear security impact

Web Infrastructure

  • Sensitive data exposure
  • Payment and order tampering
  • Server misconfigurations allowing unauthorized access

Out of Scope

  • Phishing or social engineering attacks
  • Missing security headers without proof of concept
  • Reports from automated scanners without demonstrated exploitability
  • Outdated libraries without significant, exploitable vulnerabilities

Responsible Disclosure

By submitting a vulnerability, you agree to provide us time to diagnose and resolve the issue before sharing details publicly. We will coordinate disclosure together.

  • Use exploits solely to verify the existence of vulnerabilities
  • Do not engage in testing that degrades our systems or impacts users
  • Do not exploit vulnerabilities beyond what is necessary to confirm them
  • Avoid unauthorized access, storage, or destruction of data

Submitting a Report

Email security - at - frostsnap.com. For sensitive matters, we can provide instructions for setting up an encrypted channel.

Include:

  • Description of the vulnerability and its potential impact
  • Clear steps to reproduce, proof-of-concept.
  • Explanation of how it affects Frostsnap's security.
  • How you'd like to be credited (if at all)

Frostsnap is open source. You can deterministically build the device firmware to verify upgrades. Or contribute to the code! github.com/frostsnap

Contact

security - at - frostsnap.com