Totalcoin Bug Bounty Program
You can send a bug report via email: [email protected]
Rewards are distributed depending on the severity of the reported vulnerability.
Please note that the program does not apply to bugs found on our web portal (https://totalcoin.io). No rewards will be distributed for bugs found on the portal.
|Severity|Reward|
|Low|up to 200.00|
|Medium|up to 500.00|
|High|up to 2,500.00|
|Critical|up to 30,000.00|
- Non-critical impact on performance of the platform
- Lack of rate-limits (with impact)
- XSS (with impact)
- CSRF (with impact)
- 2FA bypass
- Privilege escalation attack
- Critical impact on performance of the platform
- Reading or changing of large amounts of sensitive data
- Authentication bypass
- Unauthorized asset transfer
- Manipulating funds balances
Ineligible conditions of the Bug Bounty Program
- Social Engineering
- Any vulnerabilities in third-party or open-source libraries/software
- Physical access to a user’s web browser or smartphone
- DDoS (Distributed Denial of Service) attacks
- Vulnerabilities that require 'MITM'
- Any kind of brute-force attacks
- Non-reproducible vulnerabilities
- Business logic errors
- UX issues with no security impact
Bounties are paid out in BTC or USDT to the internal Totalcoin platform address.