Totalcoin Bug Bounty Program

You can send bug report via email: [email protected] 

Rewards are distributed depending on the severity of the reported vulnerability.

Please, note that the program does not apply for bugs found on our web portal ( https://totalcoin.io ). No rewards will be distributed for bugs found on the portal.

Severity Level USD
Low     up to 200.00
Medium up to 500.00
High up to 2,500.00
Critical up to 30,000.00

Examples

Low:

  • Non-critical impact on performance of the platform
  • Lack of rate-limits (with impact)

Medium:

  • XSS (with impact)
  • CSRF (with impact)

High:

  • RCE
  • 2FA bypass
  • Privilege escalation attack
  • Critical impact on performance of the platform
  • Reading or changing of large amounts of sensitive data

Critical:

  • Authentication bypass
  • Unauthorized asset transfer
  • Manipulating funds balances

Ineligible conditions of Bug Bounty Program

  • Social Engineering
  • Any vulnerabilities in third-party or open-source libraries/software
  • Physical access to a user’s web browser or smartphone
  • DDOS (Distributed Denial of Service) attacks
  • Vulnerabilities that require 'MITM'
  • Any kind of brute-force attacks
  • Spam
  • Not reproducible vulnerabilities
  • Business logic errors
  • UX issues not relating to security impacts

Bounty payout is carried out in BTC or USDT to the internal Totalcoin platform address.