Bug Bounty campaign pool: 13638

Columns: Telegram username | Bug description | Link to the screenshot 1 | Link to the screenshot 2 | Link to the screenshot 3 | Link to the screenshot 4 | Status | Stakes | Tokens

Telegram username: aswadq
Bug description: Cost of electricity should be $0.03 not 0.03 cents as presented on IRM website under section "how it works" line 4.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @zainejj
Bug description:
Bug1, Price on dashboard
Bug2, White Paper Bug
Bug3, Bonus on Website and Dashboard Diff
Bug4, ROCK1 Doesn't have a name for it on DashBoard
Bug5, FAQ is TPZ Tokens Info
Bug6, HyperLink for T&C agreements redirect back to dashboard
Bug7, Cheap electricity [spelling error]
Bug8, Shapeshift [spelling error]
Bug9, Key advantages and Cave features are the same
Bug10, Min investment is $100 but able to send in lesser than $100 and go through
Bug11, USD Amount value allow to pay less than $100
Bug12, Rock2 is whole number but on dashboard it shows 0.x
Bug13, Copy button for mobile (chrome/brave) not working
Bug14, Interface error for FAQ Bottom page expansion error
Bug15, Website shows Accept BTC/ETH but whitepaper shows accepting BTC/ETH/LTC/BCH
Screenshot 1: https://drive.google.com/drive/folders/1xi3kr_hIDZG1r4k4AeBdbbwfLfcJKEc4?usp=sharing
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @zainejj
Bug description: Dashboard shows 50% bonus is until 20.2.2018 but website shows 10.2.2018
Status: done | Stakes: 1 | Tokens: 325

Telegram username: Ramesh jeyaraman
Bug description: Authentication cookies are re-usable even after a user decides to explicitly log out. On logout of the application the session cookie should be invalidated.
But in your site, on logout the user is shown as logged out, but the cookies are not really invalidated. With the same session cookies, we were able to log in to the account.
This is a high security issue which needs to be fixed soon.
https://ico.icerockmining.io
Reproduce attack
1. In Chrome install the EditThisCookie (https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg/related?hl=en) addon.
2. Open the application and log in with your credentials.
3. In the top right click the addon and click "Export" (cookies are copied to the clipboard).
4. Log out from the application.
5. Open the application login URL. Open the addon and click the "Import" option (paste the clipboard data) and click on the green tick mark at the bottom.
6. Refresh the page; you will see that you are logged into the application without entering your credentials.
Please let me know if you need more details. Thanks
Status: done | Stakes: 1 | Tokens: 325

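The report above describes a logout that only clears the browser cookie while the server keeps the session record alive. The following is an added example, not code from the report or from the IceRock application, of a minimal server-side session store in which logout revokes the session on the server, together with a regression check that performs the export-logout-replay sequence the report lists. All names (SessionStore, replay_after_logout, the "alice" user) are constructed for the example.

```python
import secrets
import time

# Constructed example; SessionStore and replay_after_logout are hypothetical
# names, not the IceRock application's code.
SESSION_TTL_SECONDS = 3600


class SessionStore:
    """Server-side registry of live sessions, keyed by an unguessable session id."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": str, "expires": float}

    def login(self, username):
        # 256 bits of randomness: the cookie value itself is the only client-held secret.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {
            "user": username,
            "expires": time.time() + SESSION_TTL_SECONDS,
        }
        return session_id

    def user_for(self, session_id):
        """Map a presented cookie to a user; None if unknown, revoked or expired."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        if entry["expires"] < time.time():
            self._sessions.pop(session_id, None)
            return None
        return entry["user"]

    def logout_cookie_only(self, session_id):
        # The behaviour the report describes: the response tells the browser to
        # drop the cookie, but the server-side record stays valid, so any saved
        # copy of the cookie value still authenticates.
        return "Set-Cookie: session=; Max-Age=0"

    def logout_fixed(self, session_id):
        # Revoke on the server first; clearing the browser cookie is cosmetic.
        self._sessions.pop(session_id, None)
        return "Set-Cookie: session=; Max-Age=0"


def replay_after_logout(fixed):
    """Regression check for the reported flaw: save the cookie, log out, present
    the saved value again. Returns True if the stale cookie is still accepted."""
    store = SessionStore()
    sid = store.login("alice")
    saved_copy = sid  # what a cookie export taken before logout would contain
    if fixed:
        store.logout_fixed(sid)
    else:
        store.logout_cookie_only(sid)
    return store.user_for(saved_copy) is not None


if __name__ == "__main__":
    print("cookie-only logout, replay accepted:", replay_after_logout(fixed=False))
    print("server-side logout, replay accepted:", replay_after_logout(fixed=True))
```

The same check belongs in the application's test suite: a session id presented after logout must resolve to no user, regardless of what the browser was told to do with the cookie.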
Telegram username: Ramesh Jeyaraman
Bug description: Subject: Sensitive password reset token leaked to 3rd party sites

Hi Developer Team,

In your application's password reset process, a user can request a reset link for his account.
Your system will send mail to the user to reset his account password. The user would click the link in his mail, which will open the page to reset the account password.

https://ico.icerockmining.io

While loading the reset page, multiple 3rd party links are opened in the background simultaneously.

You can see the requests using tools like Burp, sniper etc.

The user's reset token is leaked to these 3rd party sites through the referrer.

Replication Steps:

Go to your site and request forgot password.

Click on the link received in your registered email.

Open tools like sniper or Burp and see the request traffic.

In the request traffic you can see the user's reset token is getting leaked to 3rd party sites, by which the account can be taken over.
Note: I am not able to attach my reference screenshot in this mail. If you need it, please alert me via mail to support / share. Mail id: sathyavathiramesh1602@gmail.com
Regards
Ramesh
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Noahbreezy
Bug description: Major bug in the link. You get an unsecured link first when you google "icerockmining". You have to add the "https://" manually.
Screenshot 1: http://prntscr.com/iebvqq
Screenshot 2: http://prntscr.com/iebx36
Screenshot 3: http://prntscr.com/iebyuk
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Noahbreezy
Bug description: A typo in the FAQ. I reported it to Zaine in support chat before.
Screenshot 1: http://prntscr.com/idnj2s
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Noahbreezy
Bug description: Spelling error: Has to be mining farm instead of mining farming.
Screenshot 1: http://prntscr.com/iem505
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @bitcoinloop
Bug description: Medium link in main website is wrong. Goes to suspended account.
https://medium.com/@awwalayoolaadeogun/bounty-ico-rock-ice-rock-mining-huge-payouts-e2c7c2e075c6
Screenshot 1: https://imgur.com/a/2WESr
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @benjaminoo
Bug description: On the icerockmining.io website, there are links at the top that point to the Bonuses and FAQ. These seem to work fine on the home page. However, things start to break down when you move to the Dataroom page. Once you're on the Dataroom page, clicking on those links doesn't do anything.

Here's the reason. Those links point to "anchors" on the site, which means they point to a certain PART of the same page instead of an entirely different page. On the home page, clicking them simply scrolls to the part of the page that is required. However, those same sections are not present on the Dataroom page, and so the links no longer work.

The fix is simple:

Change the link on Bonuses to point to http://icerockmining.io/#bonuses
Change the link on FAQ to point to http://icerockmining.io/#faq

By the way, the Calculator button works on the same anchor principle but it is set up correctly.
Screenshot 1: http://icerockmining.io/dataroom.html
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Wrong Foundico ICO rating score on main page (should be higher)
Screenshot 1: https://www.dropbox.com/s/mwikhn24mt3cnql/foundico%208.2.png?dl=0
Screenshot 2: https://www.dropbox.com/s/dl9mf8nvza67osm/foundico8.3.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Actual icomarks rating higher than listed on website (8.1 instead of 8.0)
Screenshot 1: https://www.dropbox.com/s/gt0amapgoi0n86u/icomarks8.0.png?dl=0
Screenshot 2: https://www.dropbox.com/s/22hpvat4tuv7gmi/icomarks8.1.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: 0.03 cents per kW hr versus 3 cents per kW hr descriptions
Screenshot 1: https://www.dropbox.com/s/6nrd7mlxd7kthtg/0.03cents.png?dl=0
Screenshot 2: https://www.dropbox.com/s/q1x9l82dj7ki0ty/3%20cents.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: 425% returns versus 439% returns descriptions on main page
Screenshot 1: https://www.dropbox.com/s/qzzwthqk6ydiwss/425.png?dl=0
Screenshot 2: https://www.dropbox.com/s/0rcx4wf5nhoe6gq/439.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Double "BTC" at end of sentence...
"1. BTC always drops and rises up 📉 📈 The question - do you believe in Bitcoin or not? In our case, we strongly believe in BTC BTC"
Screenshot 1: https://www.dropbox.com/s/hda3bqdew1w455a/btcbtc.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Feb 11 pre-sale start on site vs Feb 20 pre-sale start in whitepaper
Screenshot 1: https://www.dropbox.com/s/olwt3z60bryogyi/feb11.png?dl=0
Screenshot 2: https://www.dropbox.com/s/bwmwz0e4rjvh12d/feb20.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Press Section: kriptoparahaber link to article not working
Screenshot 1: https://www.dropbox.com/s/q2ahpss0uolgm6f/kriptoparahaber.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Press Section: Link to medium article not working as user is suspended
Screenshot 1: https://www.dropbox.com/s/1us864f6lvbgefv/medium.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: Typo: "so we are definitely will succeed" -> "so we definitely will succeed"
Screenshot 1: https://www.dropbox.com/s/77e445o3vm20iyy/sowedefinitely.png?dl=0
Status: done | Stakes: 1 | Tokens: 325

Telegram username: markk
Bug description: When you allow notifications in Chrome it shows old info. For example today, 20.02.18, I clicked allow and it showed that the 50% bonus will end soon, but it has already ended (it showed a couple of minutes after I allowed).
Status: done | Stakes: 1 | Tokens: 325

Telegram username: markk22
Bug description: Misspelling on website
Screenshot 1: https://imgur.com/a/mnqGm
Screenshot 2: https://imgur.com/a/ItyyA
Status: done | Stakes: 1 | Tokens: 325

Telegram username: markk22
Bug description: It's regarding the bug I reported before about notifications in Chrome. I got it again and made a screenshot, so here you go, hope it helps out.
Screenshot 1: https://imgur.com/a/zikra
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @uyarsam
Bug description: The box from the chat where we have to write our email to receive a one page summary doesn't accept my email.
Screenshot 1: https://drive.google.com/file/d/10Np9JqXeyvoiAD7Ber5PMOaD5urjLgzK/view
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: In profit calculator google sheet, cell A8 states "Investors 45% profit ,$", should be 50% instead.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: In Profit calculator, cell B13 formula should be "=$B$8*(B12*20/50)/$B$3+B12" instead of current "=$B$8*(B12*0.2)/$B$3+B12". Once the formula is corrected, it can be dragged down for the rest of the cells.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Albert_Lee
Bug description: In spreadsheet calculator, cost of ASIC is $2500. In your "how is income calculated" pop-up FAQ, it is $2300. This causes a difference between figures in the example later on. E.g., hash rate per basic unit of 54 in Excel and 58.7 in pop-up explanation.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @NuggetGolden
Bug description: Above countdown timer on website it should say "45% bonus will be over in"; it is missing "be".
Screenshot 1: https://icerockmining.io/
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @uyarsam
Bug description: Token price in order's details is wrong.

See the price (in ETH in this case) per token from the dashboard in screenshot 1.

It is not more or less equal to the price for 1 token in the investment details, where 1 ROCK2 = 1 ETH.
That should be 0.15000433 ETH / 185.76 ROCK2 = 0.0008075173 ETH for 1 ROCK2 for this payment.

Screenshot 3 is only the folder link of the other screenshots 1 and 2.
Screenshot 1: https://i.imgur.com/UIu2ydp.jpg
Screenshot 2: https://i.imgur.com/BklTWOm.jpg
Screenshot 3: https://m.imgur.com/a/US9Hk
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @NuggetGolden
Bug description: In FAQ "Where do I write about collaboration?" Instead of "We are opened for collaboration." it should say "We are open to collaboration."
Screenshot 1: https://icerockmining.io
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @NuggetGolden
Bug description: In FAQ under "What is the minimum amount I should purchase in order to join?" the word "sir" should be removed from "Minimal is $ 100, Sir" as it implies only males can invest. One YouTuber already made fun of you for this reason.
Screenshot 1: https://icerockmining.io/
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @NuggetGolden
Bug description: In FAQ under "Do you have referral bonuses?" you say yes but it has recently been suspended so this should be updated on the main website.
Screenshot 1: https://icerockmining.io/
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @NuggetGolden
Bug description: Under videos section, in "What is Ice Rock?" section, under heading "Cave Features", in one sentence it says "Moreover, own several square meters of the land around us, providing for easy capacity to grow. "
It should say (see CAPS) "Moreover, WE own several ACRES/HECTARES of the land around us, providing for easy capacity to grow. " because if you say several square meters that is tiny! Gives bad impression.
Or simply say "Moreover, WE own SOME LAND around us, providing for easy capacity to grow. "
Screenshot 1: https://icerockmining.io/
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @Vadim_Koshka
Bug description: Hello, I found a bug related to the item on your website "How much our investors earn" and the formula for calculating the return for the second month.

Screenshot 1 shows that 20% of the full return (100%) is taken for reinvestment.
Based on screenshot 2, where as an example we take the calculation for a $1000 investment, we see that: - "From the second month it is calculated with the formula:
((30*58,7/13500)*30*0,5)*(195,7*0,2)/10+195,7 = 211,28"

It says here that we take 20% of our return for the first month (195,7*0,2), i.e. 20% of $195,7.
Although your first screenshot shows that we should take 20% of the 100% monthly return, i.e. $391,4.

Please fix your error. And let me know whether I stated everything correctly and whether I was right.
Screenshot 1: https://imgur.com/a/wSsgJ
Screenshot 2: https://imgur.com/a/kHUdt
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @uyarsam
Bug description: Would this not sound better in these words:
"Release date of the first portion of tokens" instead of "The first portions of tokens release date"?
Screenshot 1: http://imgur.com/KHgx7Ie
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @bitcoinloop
Bug description: The official IRM YouTube playlist contains weird videos: a honey cake recipe, The Voice Kids, and a Russian MMA fighter teaser. Please delete urgently, for credibility, before some FUD guy makes joke videos.
Screenshot 1: https://prnt.sc/ilegrh
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @BBICPRO
Bug description: The number of tokens on the main page of the personal cabinet is incorrectly displayed. The correct amount is displayed in the My Wallet section. The main page figures do not take into account the tokens received through the referral program.
Screenshot 1: http://skrinshoter.ru/s/040318/e2rpho
Screenshot 2: http://skrinshoter.ru/s/040318/tAG6uO
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @fedorktvs
Bug description: After visiting https://ico.icerockmining.io/Account/forgotpassword?lang=nonexisting the user can't do anything on ico.icerockmining.io - you will get "Server Error in '/' Application" when visiting any page.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @fedorktvs
Bug description: CSRF in SendConfirmationLetterAgain. Go to https://jsfiddle.net/xv5sytr4/3/ and click Run. You will get many letters from icerockmining with the confirmation email. This bug can spam your customers and lead to negative reactions.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @fedorktvs
Bug description: Order link should be private. I can send my link to everyone,
like this - https://ico.icerockmining.io/Investor/OrderDetails/13307 . If those people buy tokens with this link, I will get them, not the one who really bought them.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @fedorktvs
Bug description: Content spoofing. Please open this link: https://ico.icerockmining.io/Investor/Dashboard?error=Please%20send%20me%20all%20your%20money%20to%20this%20address:%200x123456789 and you will get my message in your interface.
Status: done | Stakes: 1 | Tokens: 325

Telegram username: @fedorktvs
Bug description: Confirmation links are not secure. Tokens are generated via base64(user uuid+timemark). If you get 1 token, you can decode it and generate more using this formula.
Status: done | Stakes: 1 | Tokens: 325

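Two entries in this sheet concern the same design question: the password-reset report (Ramesh Jeyaraman, reset token reaching third-party hosts through the referrer) and the confirmation-link report just above (token is base64 of user uuid plus a time mark, so it carries no secret). The following is an added example, not code from the reports or from the IceRock application, of how such a token should be issued and checked: random, stored only as a hash, expiring, consumed on first use, and served from a page whose Referrer-Policy stops the URL from reaching third-party resources. It also shows, for contrast, why the legacy encoding cannot act as a credential: the verifier has nothing to check that is not already inside the token. TokenService, legacy_token, reset_page_headers and the sample user ids are constructed for the example.

```python
import base64
import hashlib
import secrets
import time

# Constructed example; TokenService and the helper names are hypothetical,
# not the IceRock application's code.
TOKEN_TTL_SECONDS = 15 * 60


def legacy_token(user_id, issued_at):
    """The scheme the report describes: base64(user id + time mark). No server
    secret is involved, so this is an encoding of public data, not a credential."""
    return base64.urlsafe_b64encode(f"{user_id}:{issued_at}".encode()).decode()


def legacy_token_inputs(token):
    """Everything a verifier could check is recoverable from the token itself,
    so a verifier cannot tell a genuine legacy token from a made-up one."""
    user_id, issued_at = base64.urlsafe_b64decode(token.encode()).decode().rsplit(":", 1)
    return user_id, int(issued_at)


class TokenService:
    """Issues random, hashed-at-rest, expiring, single-use tokens."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to user data
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token  # sent to the user once; only the digest is stored

    def redeem(self, token):
        """Return the user id if the token is live, else None. The record is
        removed on first presentation, so a copy that leaked (for example via a
        Referer header from the reset page) is dead once the legitimate user
        has used the link, and it expires on its own if never used."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._now() > expires_at:
            return None
        return user_id


def reset_page_headers():
    """Response headers for the page that receives the token in its URL: no
    Referer is sent to any third-party resource the page loads, and the page
    is never cached."""
    return {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}


if __name__ == "__main__":
    service = TokenService()
    issued = service.issue("user-1")
    print("first redemption:", service.redeem(issued))   # user-1
    print("second redemption:", service.redeem(issued))  # None: single use
    print("legacy token decodes to:", legacy_token_inputs(legacy_token("user-1", 1700000000)))
```

Storing only the digest means a copy of the pending-token table is not enough to redeem anything, and the single-use rule bounds the damage of a leaked link to the window before the legitimate user clicks it. Moving the token out of the URL (for example, posting it once and continuing with a server-side session) removes the referrer exposure entirely, with the header as defence in depth.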
Total stake: 42