Added External PRs General Acceptance Criteria

This is an improved criteria added for upcoming hackatons. This addition may be removed or improved after the hackaton.

CONTRIBUTING.md

@@ -43,6 +43,18 @@ Since this is a security-sensitive project, we encourage everyone to be proactiv
 * **Comment** when leaving feedback without explicit approval or rejection. This is useful for design and implementation discussions.
 * **Approve** when changes look good from a correctness, security, design and implementation standpoint.
 
+All unit and integration tests pass without loss of coverage (e.g can't remove tests without writing equivalent or better ones).
+
+All code paths on new code must be unit tested, including sensible edge cases and expected errors. Exceptions to this rule must be justified (i.e. highly similar paths already tested) in written form in the PR description. 
+
+Any update to a dependency must come with a corresponding PR to the https://github.com/rsksmart/reproducible-builds repository, where it is demonstrated that the downloaded binary code's hash matches that of an independent compilation. The RSK team will audit the new code in order to protect the project security.
+
+New dependencies are discouraged in order to minimize the attack surface. However, when the problem requires it, the new dependency will follow the same procedure as an update to an existing one dependency.
+
+In order to ease review, it is expected that the code diff is maintained to a minimum. This includes things like not changing unrelated files, not changing names or reordering code when there isn't an evident benefit.
+
+When automatic code quality and security checks are ready in the pipeline for external PRs, then the PR must pass all PR validations including code coverage (Sonar), code smells (Sonar), Security advisories (Sonar, LGTM).
+
 ## Styleguides
 
 ### Pull request etiquette