The eosfinex Bug Bounty

24 April 2019

Two weeks ago we launched the eosfinex testnet to great excitement from the eosfinex development team.

With a huge milestone reached, our attention has now shifted towards our upcoming beta exit to signal the complete launch of eosfinex.

To assist with this we are pleased to announce the start of the eosfinex bug bounty program, featuring rewards worth up to $10000 for the discovery of potential exploits.

Specifications
Bug Bounty Rules
  • The eosfinex bug bounty will be judged according to common bug bounty severity classifications as judged by the eosfinex team.

  • Only software-related security bugs count.

  • If a submission is accepted, payouts will go to the first submitter of the issue.

Eligibility

Any bug that acts as a serious vulnerability, either to the security of our site or the integrity of our system, can be eligible. Please keep in mind that all issues are up to the discretion of the eosfinex team. This includes (in some cases):

  • Cross-Site Request Forgery (CSRF)

  • Cross-Site Scripting (XSS)

  • Remote Code Execution (RCE)

  • Code Injection

  • Privilege Escalation

  • Authentication Bypass

  • Clickjacking

  • Leakage of Sensitive Data

Submissions

Please direct all submissions towards forms.gle/2Ty1rcEfNRkrBqnC6. Please include the following components:

  • A complete description of the attack vector.

  • Steps required to reproduce the vulnerability.

  • An overview of expected vs actual results.

  • Your email address.

  • EOS address for payment.

We look forward to reviewing your submissions and preparing eosfinex for mainnet launch with your help.

The eosfinex development team will be active in our Telegram channel to discuss any potential issues further.

The eosfinex testnet is here! Try it out on paper.eosfinex.com.

For tutorials on how to navigate the eosfinex beta, visit ‘Tutorials and Lessons’.

Follow eosfinex on TwitterTelegram & LinkedIn for up-to-date developments and announcements.