Articles in this section

See more

Is there a Bug Bounty Program?

Avatar
Joel K.
  • Updated
Follow

Yes, we have a Bug Bounty Program.

Scope

  • iOS and Android wallet app
  • API at getonebit.com
  • tenx.tech website (severe bugs only, please refer to exclusion list below for details)

Exclusion list

  • Client-side "XSS" on any domain/subdomain
  • Clickjacking on any domain/subdomain
  • merch.tenx.tech (Submit via Shopify's Bug Bounty Programme)
  • support.tenx.tech (Submit via Zendesk's Bug Bounty Programme)
  • chat.tenx.tech (Submit an issue via Rocket.Chat's github)
  • forum.tenx.tech (Submit an issue via Discourse's Bug Bounty Programme)

We urge submitters to:

  • Give us reasonable amount of time to close any submitted vulnerabilities.
  • Not use any other channel to submit vulnerabilities other than the method described below.
  • Not damage any TenX users or TenX itself, and not disclose any data found during the process of discovery.

Caveat

In order to be eligible for rewards the following conditions must first be met:

  • The security vulnerabilities have to be applicable in a real-world attack scenario.
  • The vulnerability has to be demonstrated to our team in a comprehensible/ reproducible way.
  • The vulnerability may not be published until it has been patched, and you have obtained permission from TenX.

Rewards

The following table is an estimate for reward amounts (depending on the severity, we might pay out higher rewards). Please submit details of your discovered vulnerabilities via the request form here.

Every security vulnerability submitted that results in a fix on our side will receive a monetary reward based on the below table. These rewards will be paid in the equivalent value of Bitcoin. If your report is deemed eligible, you will be contacted to provide further details.

Remote code execution Reward up to $10,000
Manipulation of account balance Reward up to $5,000
Vulnerability resulting in financial loss (depending on severity) Reward up to $2,000 - $5,000
Loss of privileged information (passwords, API keys, private keys, etc.) Reward up to $3,000
Loss of user personal information (addresses, phone numbers, etc) Reward up to $1,000
Authentication bypass Reward up to $1,000

 

Terms and Conditions

By making any submission of any information or content to bugbounty@tenx.tech and/or participating in any other form or manner in the TenX Bug Bounty Program as referred to above (the “Participation”):

(a) you agree that each of TenX Pte. Ltd. and its related corporations (as defined in the Companies Act (Cap. 50) of Singapore) shall own all intellectual property rights to all of the information or content provided by you in connection with your Participation; and

(b) you represent and warrant that your Participation and the foregoing agreement do not result in any infringement or breach (whether indirectly or directly, or in any form or manner) of intellectual property rights of any other person to any part of the information or content provided by you in connection with your Participation to any extent.

 

Comments

0 comments

Article is closed for comments.