
Coin.Space
External Program
Submit bugs directly to this organization
Go to https://coin.space to register!
Coin.Space recognizes the importance of security researchers in helping keep our community safe. We encourage responsible disclosure of security vulnerabilities via our bug bounty program described on this page.
Responsible disclosure includes:
- Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
- Making a good faith effort to not leak or destroy any user data.
- Not defrauding Coin.Space users or CoinSpace itself in the process of discovery.

In order to encourage responsible disclosure, we promise not to bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines.

Eligibility

Coin Space reserves the right to decide if the minimum severity threshold is met and whether it was previously reported.
Anything on https://coin.space or the iOS and Android apps which has the potential for financial loss or data breach is of sufficient severity and should be reported, including:
- XSS
- CSRF
- Authentication bypass or privilege escalation
- Clickjacking
- Remote code execution
- Obtaining user information

In general, the following would not meet the threshold for severity:
- Absolutely no automated test results should be submitted.
- Vulnerabilities on sites hosted by third parties (blog.coinspace.ch, support.coin.space, analytics, etc.) unless they lead to a vulnerability on the main website
- The marketing webpage (www.coin.space)
- DNS setups
- Denial of service
- Spamming
- Vulnerabilities in third party applications which make use of the Coin.Space API
- Issues, particularly man-in-the-middle attacks, surrounding one time use CSRF tokens and regeneration of session IDs
- Attacks on our proxy at https://proxy.coin.space
- Password/PIN complexity
- Secure cookie flag
- Attacks requiring physical access to the victim's machine or mobile device

Rewards

The minimum payout is $125 for reporting a previously unknown security vulnerability of sufficient severity with possibility for direct exploitation. There is no maximum reward, and we may award higher amounts based on severity or creativity of the vulnerability found. We may reward $10 - $50 in cases where our security is adjusted for better defense in depth, but no direct exploitation is possible.

Thank you for helping keep the best bitcoin, litecoin and ether web wallet community safe!