coinmode / bounties

bounties and issues

bounty program #1

Open AndreiD opened 4 years ago

AndreiD commented 4 years ago

CoinMode Security Bounty Program

Status: ACTIVE!

CoinMode looks forward to working with the security community to find security vulnerabilities in order to keep our businesses and users safe.

If you discover a severe bug affecting the privacy, data, or security of our users we ask that you disclose responsibly and privately. For security related vulnerabilities we reward researchers for private and professional disclosure.

Non-security issues (eg: style issues) are not eligible for this bounty.

If you have any questions, please join our discord channel at https://discord.gg/79GMQzC

At the registration, you will encounter this

image

the access code is: "VIP"

Guidelines

Participating in our security bounty program requires you to follow our guidelines. Responsible investigation and reporting includes, but is not limited to, the following:

Don't repeatedly request updates on your reports. Coinmode is a small team and constant requests for updates can render your report ineligible. Allow us up to 7 days to respond to your messages.

Only use your own account to test issues in production.

Social engineering attacks, physical access, spear phishing, etc. are not eligible.

Payouts will be made to the first individuals who submit a report.

The Coinmode team has the final say in all determinations of bounty payouts including severity, classification, amount, whether the report falls under our guidelines, etc.

Vulnerabilities should be disclosed directly to the Coinmode team by emailing security@coinmode.com - Both parties shall keep strictly confidential and shall not disclose, or cause or permit to be disclosed, to any person or entity, (i) any information about the vulnerabilities. These communications must remain confidential to be eligible.

Threats, ransom demands, unprofessional language, etc. of any kind will automatically disqualify you from participating in the program.

The only domain eligible for the bounty program is https://coinmode-staging.com - no subdomains, related services, etc. are within the scope of the program.

Vulnerability Scope

Any significant vulnerability may be eligible for an award provided it follows the guidelines set in this document.

Some examples of eligible issues are:

Ineligible issues include, but are not limited to, the following types: stack traces, clickjacking, brute force attacks, vulnerabilities in third-party services or third-party platforms, vulnerabilities affecting outdated browsers or operating systems, and many more.

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.

Judging criteria will take into consideration: The criticality of the exploits (e.g., users/cases impacted, size of impact)

Eligible reports must contain enough information and proof-of-concept code, screenshots or a video recording. After a report is made and confirmed, efforts will be made to fix the issue. Researchers agree to assist in the testing of the fixes.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep CoinMode and our users safe!

gitcoinbot commented 3 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This issue now has a funding of 0.027 ETH (10.21 USD @ $377.98/ETH) attached to it as part of the CoinMode fund.

gitcoinbot commented 3 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work has been started.

These users each claimed they can complete the work by 265 years, 5 months from now. Please review their action plans below:

1) atiwat31 has been approved to start work.

Need investment funds, high risk 80%-90%, need support staff.

2) pensebien has been approved to start work.

Hello coinmode, I would love to test for a vulnerability on this application

3) nikolay73731 has been approved to start work.

Hi ou HD st k oh d my utg jkuhkkmkjf

4) x00x00 has been approved to start work.

Security report sent already from myfaketestid@gmail.com thanks

5) solhack has applied to start work.

Hello CoinMode

I am a Penetration Tester at Snode Technologies and I am very much interested in finding those pesky cybersecurity issues for you

6) graomelo has applied to start work.

I will be very happy to contribute to the safety of the project.

Learn more on the Gitcoin Issue Details page.

gitcoinbot commented 3 years ago

⚡️ A tip worth 0.01300 ETH (5.27 USD @ $405.11/ETH) has been granted to @x00x00 for this issue from @AndreiD. ⚡️

The sender had the following public comments:

test send

Nice work @x00x00! Your tip has automatically been deposited in the ETH address we have on file.

gitcoinbot commented 3 years ago

⚡️ A tip worth 0.77000 ETH (301.22 USD @ $391.19/ETH) has been granted to @x00x00 for this issue from @AndreiD. ⚡️

Nice work @x00x00! Your tip has automatically been deposited in the ETH address we have on file.

gitcoinbot commented 3 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work for 1.0 ETH (382.58 USD @ $382.58/ETH) has been submitted by:


gitcoinbot commented 3 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work for 1.0 ETH (2209.99 USD @ $2291.53/ETH) has been submitted by:

  1. @x00x00

@andreid please take a look at the submitted work: