Totalcoin Bug Bounty Program
You can send a bug report via email: [email protected]
Rewards are distributed depending on the severity of the reported vulnerability.
Please note that the program does not apply to bugs found on our web portal (https://totalcoin.io). No rewards will be distributed for bugs found on the portal.
Severity Level | USD |
---|---|
Low | up to 200.00 |
Medium | up to 500.00 |
High | up to 2,500.00 |
Critical | up to 30,000.00 |
Examples
Low:
- Non-critical impact on performance of the platform
- Lack of rate-limits (with impact)
Medium:
- XSS (with impact)
- CSRF (with impact)
High:
- RCE
- 2FA bypass
- Privilege escalation attack
- Critical impact on performance of the platform
- Reading or changing of large amounts of sensitive data
Critical:
- Authentication bypass
- Unauthorized asset transfer
- Manipulating funds balances
Ineligible conditions of Bug Bounty Program
- Social Engineering
- Any vulnerabilities in third-party or open-source libraries/software
- Physical access to a user’s web browser or smartphone
- DDoS (Distributed Denial of Service) attacks
- Vulnerabilities that require 'MITM'
- Any kind of brute-force attacks
- Spam
- Non-reproducible vulnerabilities
- Business logic errors
- UX issues not relating to security impacts
Bounty payout is carried out in BTC or USDT to the internal Totalcoin platform address.