To assist with this we are pleased to announce the start of the eosfinex bug bounty program, featuring prizes worth up to $5000 for the discovery of potential exploits. The bug bounty is open to everyone and we encourage you to get involved.
ELIGIBILITY:Any bug that acts as a serious vulnerability, either to the security of our site or the integrity of our system, can be eligible. Please keep in mind that all issues are up to the discretion of the eosfinex team. This includes (in some cases):
- Cross-Site Request Forgery (CSRF)- Cross-Site Scripting (XSS)- Remote Code Execution (RCE)- Code Injection- Privilege Escalation- Authentication Bypass- Leakage of Sensitive Data
RULES:- Any improbable or theoretical vulnerability, the output of automated scanner and the use of denial of service tools is considered out-of-scope and will not be counted. - We explicitly prohibit any action that would serve to interrupt or damage eosfinex services. This includes server shutdown, storage wipe, injection of malicious files on the server (such as webshells) etc.- All reported bugs must be reproducible.- All participants must make responsible disclosures.- All iFinex contractors are excluded from participating.
Discuss the bug bounty with the eosfinex team here: https://t.me/eosfinexproject.