Open AndreiD opened 4 years ago
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 0.027 ETH (10.21 USD @ $377.98/ETH) attached to it as part of the CoinMode fund.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started.
These users each claimed they can complete the work by 265 years, 5 months from now. Please review their action plans below:
1) atiwat31 has been approved to start work.
ต้องการเงินลงทุนความเสี่ยงสูง80%-90%ต้องการฝ่ายสนันสนุน 2) pensebien has been approved to start work.
Hello coinmode, I would love to test for a vulnerability on this application 3) nikolay73731 has been approved to start work.
Hi ou HD st k oh d my utg jkuhkkmkjf 4) x00x00 has been approved to start work.
Security report sent already from myfaketestid@gmail.com thanks 5) solhack has applied to start work _(Funders only: approve worker | reject worker)_.
Hello CoinMode
I am a Penetration Tester at Snode Technologies and I am very much interested in finding those pesky cybersecurity issues for you 6) graomelo has applied to start work _(Funders only: approve worker | reject worker)_.
I will be very happy to contribute to the safety of the project.
Learn more on the Gitcoin Issue Details page.
⚡️ A tip worth 0.01300 ETH (5.27 USD @ $405.11/ETH) has been granted to @x00x00 for this issue from @AndreiD. ⚡️
The sender had the following public comments:
test send
Nice work @x00x00! Your tip has automatically been deposited in the ETH address we have on file.
⚡️ A tip worth 0.77000 ETH (301.22 USD @ $391.19/ETH) has been granted to @x00x00 for this issue from @AndreiD. ⚡️
Nice work @x00x00! Your tip has automatically been deposited in the ETH address we have on file.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work for 1.0 ETH (382.58 USD @ $382.58/ETH) has been submitted by:
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work for 1.0 ETH (2209.99 USD @ $2291.53/ETH) has been submitted by:
@andreid please take a look at the submitted work:
CoinMode Security Bounty Program
Status: ACTIVE!
CoinMode looks forward to working with the security community to find security vulnerabilities in order to keep our businesses and users safe.
If you discover a severe bug affecting the privacy, data, or security of our users we ask that you disclose responsibly and privately. For security related vulnerabilities we reward researchers for private and professional disclosure.
Non-security issues (eg: style issues) are not eligible for this bounty.
If you have any questions, please join our discord channel at https://discord.gg/79GMQzC
At the registration, you will encounter this
the access code is: "VIP"
Guidelines
Participating in our security bounty program requires you to follow our guidelines. Responsible investigation and reporting includes, but not limited to the following:
Don't repeatedly request updates on your reports. Coinmode is a small team and constant requests for updates can render your report ineligible. Allow us up to 7 days to respond to your messages.
Only use your own account to test issues in production.
Social engineering attacks, physical access, spearfishing, etc. are not eligible.
Payouts will be made to the first individuals who submit a report.
The Coinmode team has the final say in all determinations of bounty payouts including severity, classification, amount, whether the report falls under our guidelines, etc.
Vulnerabilities should be disclosed directly to the Coinmode team by emailing security@coinmode.com - Both parties shall keep strictly confidential and shall not disclose, or cause or permit to be disclosed, to any person or entity, (i) any information about the vulnerabilities. These communications must remain confidential to be eligible.
Threats, ransom demands, unprofessional language, etc. of any kind will automatically disqualify you from participating in the program.
The only domain eligible for the bounty program is https://coinmode-staging.com - no subdomains, related services, etc. are within the scope of the program.
Vulnerability Scope Any significant vulnerability may be eligible for an award provided it follows the guidelines set in this document.
Some examples of eligible issues are:
Ineligible issues are from the following types but not limited to them: Stack Traces, Clickjacking, Brute Force Attacks, Vulnerabilities in third party services or third party platforms, Vulnerabilities affecting outdated browsers or operating systems and many more.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
Judging criteria will take into consideration: The criticality of the exploits (e.g., users/cases impacted, size of impact)
Eligible Reports must contain enough information and a proof of concept code, screenshots or video recording. After a report is made and confirmed, efforts will be made to fix the issue. Researchers agree to assist in the testing of the fixes.
Safe Harbor Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep CoinMode and our users safe!