 Show Posts
|
|
Pages: [1]
|
ARAX BUG BOUNTY IS LIVE NOW.
Win up to $5,000 for critical exploits We leave no stone unturned in maintaining and ameliorate our Arax Crypto Wallet to provide our users with an efficient, multiple-Blockchain supporting Wallet that is easy and safe to use. However, nothing is perfect and there is always room for improvisation. We would appreciate and reward your help in making us aware of our weaknesses and security vulnerabilities to help us work on them and bring to you an unrivaled product.
PolicyWe request the security research community to provide us with a reasonable time span to fix a vulnerability before bringing it into daylight. Our appeal to you is to submit a detailed description of the bug that you encountered along with the possible measures that we can take reproduce your observation.
While doing this, we request you to be conscious of our user’s privacy, data confidentiality, and integrity. We highly prioritize the privacy of our community and would greatly value your assistance in preserving it. Please be mindful of the fact that we cannot work in coordination with any individual who is a violator of applicable laws or regulations, exploiter of a security issue or who attempts to access the data of other users.
We promise to review your submitted report and address the security challenges faced by you in a timely manner. We will also maintain communication with you during the investigation and inform you once the issue is resolved. We will restrain from taking legal action against you or initiate a legal investigation of you if you’ve made a good faith effort to abide by this policy.
This bug bounty program is dedicated to being aware of online security issues that can potentially affect Arax users. In case you are encountering issues with your individual account, then please mail us on support@arax.io.Key Points- Target is Arax Android App – Available on Google Play Store and iOS App Store.
- Arax.io is not part of the Bug Bounty Program.
-Bug bounty program will run from 5th April - 31st May 2019
- Audit reports will be released after the 7th June 2019.
- This program is not open to minors.
- Arax (LALA World) reserves the right to modify the rules for this program or deem any submissions invalid at any time. Arax may cancel the Bug Bounty program without notice at any time.In Scope VulnerabilitiesHigh Priority (P1)- Remote Code Execution (RCE)
- Remote File Inclusion (RFI)
- Significant Authentication BypassMedium Priority (P2)- SQL Injection
- Authorization Flaw
- Sensitive Data Exposure
- Server Side Request Forgery (SSRF)Low Priority (P3)- Cross Site Scripting
- Cross-Site Request Forgery (CSRF)
- Open Redirect on Sensitive Parameter
- Improper Direct Object Reference (IDOR)
- Open RedirectOut of Scope VulnerabilitiesWe request you to consider attack scenario/exploit-ability along with the security impact of the issue when reporting a vulnerability. We have mentioned certain types of attacks which are out of scope and won’t be considered in this program. These include:
- Repudiation of service attacks
- Denial of Service
- Phishing attacks
- Social engineering attacks
- Reflected file download
- Disclosure of Software version
- Problems demanding direct physical access
- Bugs requiring remarkably unlikely user interaction
- Vulnerabilities impacting out-of-date browsers and plugins
- Publicly accessible login panels
- CSV injection
- Email enumeration / account oracles
- CSP Vulnerabilities
- Email Spoofing
- Content redaction bypasses (evading the (Hidden by Arax) filter)Eligibility All rights of analyzing whether the minimum severity threshold is met and also if the issue has been previously reported, are reserved by Arax Team. Rewards are given completely according to the discretion of Arax Team.To qualify for a reward under this program, you should:- You must join LALA World Official Telegram Group.
- Be the first individual to report the bug. Send a clear written description of the problem faced, along with the steps to reproduce the bug.
- Attach files like screenshots or proof of concept code as required.
- Reveal the bug report directly and exclusively to Arax team.
- Mention the impacted endpoints, URL(s) and any other parameters.Report a bug- Prepare a detailed report of the bug inclusive of the description of the bug, steps to reproduce the bug, its potential impact and screenshots of the bug reported.
- Upload your bug report here.
- Include your wallet address where you would like to receive the payment.
- Please share your active email ids only, when signing up for the campaign.
- Please allow 7 business days to us to respond.Disclosure Policy and Rules of Participation- Do not create multiple accounts to perform testing of Arax applications and services.
- Do not perform brute force testing to check if rate limiting is in place for certain APIs or parts of functionality.
- Social engineering (e.g. phishing, vishing, smishing) is strictly forbidden.
- Make a good faith effort to evade violation of privacy, data destruction, and disruption or degradation of our service.
- You are allowed to test the Arax mobile app and demonstrate its vulnerabilities only from your own account. Hacking into another individual’s account is strictly prohibited.
- We have only mentioned the minimum reward amount below under each category. Our aim is to be fair while granting reward which is totally at our discretion.
- The employees of LALA World or any of its partner companies or the authors of the code where the security flaws have been reported, cannot participate in the Arax Bug Bounty hunt.Rewards Our maximum bounty is $5,000.Reward amounts may vary in regards to the severity, difficulty to exploit, and effect of the reported bug. You will receive your bounty within a time span of 2 weeks from the date of triage in case your report is the chosen winner.
Please note that reward decisions are up to the discretion of Arax. We do not reward for duplicate reports. Examples of issues that may be considered to be lower severity given additional context include:
- A reflected XSS that has minimal impact (only works in some browsers, can’t be used to steal session information) Self-XSS
- An RCE on an asset that doesn’t house production data.
- Note that bounties will be paid in BTC or ETH.
- We will also be rewarding people who will give us unique and creative suggestions regarding enhancement of our App security and services.
Technical Severity and their Reward RangeP1 High :- $200 - $500P2 Medium :- $100 - $200 P3 Low :- $25 - $100
For any bounty related queries or questions, Ask only in Bounty Support Group. |
|
|
|
Only signature campaign? No Facebook, Twitter, Content creation campaign?
The development for all the other campaigns are under process, we request you to stay tuned for further updates. |
|
|
|
The development for all the other campaigns are under process, we request you to stay tuned for further updates. |
|
|
|
Facebook Campaign , Instagram campaign , thank sir
The development for all the other campaigns are under process, we request you to stay tuned for further updates. |
|
|
|
ARAX SIGNATURE CAMPAIGN IS OVER NOW.  Your Universal Crypto Wallet        
ARAX is a multicurrency wallet that enables ease of control for all your digital assets. Supporting multiple Blockchains, the wallet serves as a one-stop manager to your cryptocurrency portfolio. ARAX adds value to the market by facilitating users to make utility bill payments and mobile recharges via crypto at their will.
 
2,000,000 LALA Tokens are reserved for the Signature Campaign. ARAX Signature Campaign Will Be Live For Next 8 Weeks, As Mentioned Below.Week-1 18 Feb 2019 to 24 Feb 2019
Week-2 25 Feb 2019 to 03 Mar 2019
Week-3 04 Mar 2019 to 10 Mar 2019
Week-4 11 Mar 2019 to 17 Mar 2019
Week-5 18 Mar 2019 to 24 Mar 2019
Week-6 25 Mar 2019 to 31 Mar 2019
Week-7 01 Apr 2019 to 07 Apr 2019
Week-8 08 Apr 2019 to 14 Apr 2019
 Payout Structure & Positions- Member: 10 Stakes/Week
- Full Member: 20 Stakes/Week
- Sr Member: 30 Stakes/Week
- Hero and Legendary: 50 Stakes/Week
Rules, Terms And Conditions:-1- You Must join the LALA WORLD Telegram Group in order to Participate in Campaign (it's Mandatory)
2- You must DOWNLOAD Arax App in regards to participate in this campaign.
3- You must do a minimum 8 posts per week. Less than 8 posts will not be counted.
4- Your BitcoinTalk Account rank should be at least Member.
5- Posts in any campaign thread, promotion or giveaway do no count.
6- You need to wear our avatar.
7- Owners and managers save the rights to apply new rules, change rules and do any other reasonable changes if necessary (including payment amount and structure)
The distribution of the tokens to bounty participants will be after the end of the Campaign.NOTE: 1- To receive your LALA Tokens you have to create a new LALA Address in Arax. The old LALA wallet addresses will not be entertained.
2- For Any Kind Of Queries, Ask In Support Group- https://t.me/TAP_Bounty
How To Participate:BOUNTY IS CLOSED NOW. 
Breaking these rules will lead to disqualification from getting payment:-1- Changing our signature
2- Receiving negative feedback
3- Making not constructive posts, or posts that are less than 70 words
4- Having more than one account in this campaign
5- If we see that you've posted on the last few days before payday, you won’t be paid.
ARAX Avatar SIGNATURE CODES:NOW YOU ALL CAN REMOVE YOUR SIGNATURE. THANK YOU!
MEMBER
[center][url=https://arax.io/]Own, Track and Pay [sup]w/[/sup] [u] [b]Λ R A X[/b] [/u] [i]Your Universal Crypto Wallet[/i][/url]
[url=https://play.google.com/store/apps/details?id=io.arax.cryptowallet][sup]■[/sup] ■ BETA Version is now LIVE! [b][ [sup]Get it on[/sup] Google Play ][/b] [sup]■[/sup] ■[/url]
[url=https://t.me/LaLaWorld]Telegram[/url] [url=https://twitter.com/MyLaLaWorld]Twitter[/url] [url=https://www.facebook.com/MyLaLaWorld]Facebook[/url] [url=https://medium.com/lala-world]Medium[/url] [url=https://bitcointalk.org/index.php?topic=2268691.4240]Ann Thread[/url][/center]
FULL MEMBER
[center][font=century gothic][url=https://arax.io/][b][color=#524aaf]Own, Track and Pay [color=#ab1f6d][sup]w/[/sup] [u] [color=#524aaf][b]Λ R A X[/b] [/u] [color=#ab1f6d][i]Your Universal Crypto Wallet[/i][/b][/url]
[url=https://play.google.com/store/apps/details?id=io.arax.cryptowallet][color=#A3A9AA][sup]■[/sup] ■ [font=impact][color=#524aaf]BETA Version [color=#ab1f6d]is now LIVE![/font] [b][color=#524aaf][ [font=arial][sup][color=#A3A9AA]Get it on[/sup][/font] [color=#ab1f6d]Google Play [color=#524aaf]][/b] [color=#A3A9AA][sup]■[/sup] ■[/url]
[url=https://t.me/LaLaWorld][color=#524aaf]Telegram[/url] [url=https://twitter.com/MyLaLaWorld][color=#524aaf]Twitter[/url] [url=https://www.facebook.com/MyLaLaWorld][color=#524aaf]Facebook[/url] [url=https://medium.com/lala-world][color=#524aaf]Medium[/url] [url=https://bitcointalk.org/index.php?topic=2268691.4240][color=#524aaf]Ann Thread[/url][/center]
SR. MEMBER
[center][table][tr][td][url=https://arax.io/][font=century gothic][size=19px][color=#524aaf]Own, Track
[size=11px][color=#ab1f6d]─────────── and [/td][td][url=https://arax.io/][font=century gothic][size=4px]
[size=20px][color=#524aaf]Pay[/td][td][font=century gothic][size=10px]
[size=11px][color=#ab1f6d]with[/td][td][url=https://arax.io/][font=century gothic][size=3px]
[size=22px][color=#524aaf]ARAX[/td][td] [/td][td][url=https://arax.io/][font=impact][size=15px][color=#ab1f6d]Your Universal
[font=century gothic][color=#524aaf]Crypto Wallet[/td][td][/td][td][url=https://arax.io/][size=2px][tt][color=#524aaf]█▄ ▄█
▀███▄ ▄███▀
▄ ▀████▄ ▄████▀ ▄
[color=#6143a4]▀██▄██████▄ ██ ▄██████▄██▀
▀██████████▄ ████ ▄██████████▀
[color=#703c99]█▄▄▄▀█████████ ██████ ▄█████████▀▄▄▄█
▀███████████▀▀ ███ ███ ▀███████████▀
[color=#7e358e]███████████▄███ ███▄███████████
▀███████████ ███████████▀
[color=#8d2d83]▀███████ ███████▀
███ ███
[color=#9c2678]███ ███
███ ███
[color=#ab1f6d]███ ███
███ ███[/td][td][/td][td][/td][td][center][url=https://arax.io/][font=century gothic][size=20px][color=#524aaf]arax
[size=10px]Beta[/td][td][color=#A3A9AA][size=20px][sup] |[/sup][sub]| [/sub][/td][td][center][url=https://arax.io/][size=15px][font=impact][color=#ab1f6d]BETA VERSION
[font=century gothic][color=#524aaf]NOW LIVE![/td][td] [/td][td][url=https://play.google.com/store/apps/details?id=io.arax.cryptowallet][size=2pt][tt]
[color=#3FBEED]▄[color=#59BD6A]▀█▄▄
[color=#3FBEED]██▄[color=#59BD6A]▀███▄▄
[color=#3FBEED]████▄[color=#59BD6A]▀████▀[color=#FAAC12]▄▄
[color=#3FBEED]██████▄[color=#59BD6A]▀█▀[color=#FAAC12]█████
[color=#3FBEED]█████▀[color=#EA4655]▄███▄[color=#FAAC12]▀▀
[color=#3FBEED]███▀[color=#EA4655]▄██▀▀
[color=#3FBEED]█▀[color=#EA4655]▄█▀▀ [/td][td][url=https://play.google.com/store/apps/details?id=io.arax.cryptowallet][font=century gothic][size=3px]
[size=9px][color=#000]GET IN ON
[size=15px][b][color=#ab1f6d]Google Play[/td][td][size=20px][color=#A3A9AA][sup] |[/sup][sub]| [/sub][/td][td][font=century gothic][size=10px][b][url=https://t.me/LaLaWorld][color=#524aaf]TELEGRAM[/url] [url=https://twitter.com/MyLaLaWorld][color=#524aaf]TWITTER[/url]
[url=https://bitcointalk.org/index.php?topic=2268691.4240][color=#ab1f6d]ANN THREAD[/url]
[url=https://www.facebook.com/MyLaLaWorld][color=#524aaf]FACEBOOK[/url] [url=https://medium.com/lala-world][color=#524aaf]MEDIUM[/url]
[/td][/tr][/table][/center]
HERO MEMBER
[center][table][tr][td][url=https://arax.io/][font=century gothic][size=19px][color=#524aaf]Own, Track
[size=11px][color=#ab1f6d]─────────── and [/td][td][url=https://arax.io/][font=century gothic][size=4px]
[size=20px][color=#524aaf]Pay[/td][td][font=century gothic][size=10px]
[size=11px][color=#ab1f6d]with[/td][td][url=https://arax.io/][font=century gothic][size=3px]
[size=22px][color=#524aaf]ARAX[/td][td] [/td][td][url=https://arax.io/][font=impact][size=16px][color=#ab1f6d]Your Universal
[size=14px][font=century gothic][glow=#524aaf,2][color=#524aaf].[color=#fff]Crypto Wallet[color=#524aaf].[/glow][/td][td][/td][td][url=https://arax.io/][size=2px][tt][color=#524aaf]█▄ ▄█
▀███▄ ▄███▀
▄ ▀████▄ ▄████▀ ▄
[color=#6143a4]▀██▄██████▄ ██ ▄██████▄██▀
▀██████████▄ ████ ▄██████████▀
[color=#703c99]█▄▄▄▀█████████ ██████ ▄█████████▀▄▄▄█
▀███████████▀▀ ███ ███ ▀███████████▀
[color=#7e358e]███████████▄███ ███▄███████████
▀███████████ ███████████▀
[color=#8d2d83]▀███████ ███████▀
███ ███
[color=#9c2678]███ ███
███ ███
[color=#ab1f6d]███ ███
███ ███[/td][td][/td][td][/td][td][center][url=https://arax.io/][font=century gothic][size=19px][color=#524aaf]arax
[size=10px][font=arial black][color=#524aaf][i]█[/i][/font][glow=#524aaf,2][color=#524aaf]..[color=#fff]Beta[color=#524aaf]..[font=arial black][color=#524aaf][i]█[/td][td][size=20px][color=#A3A9AA][sup] |[/sup][sub]| [/sub][/td][td][center][url=https://arax.io/][size=15px][font=impact][color=#ab1f6d]BETA VERSION
[font=century gothic][color=#524aaf]NOW LIVE![/td][td] [/td][td][url=https://play.google.com/store/apps/details?id=io.arax.cryptowallet][size=2pt][tt]
[color=#3FBEED]▄[color=#59BD6A]▀█▄▄
[color=#3FBEED]██▄[color=#59BD6A]▀███▄▄
[color=#3FBEED]████▄[color=#59BD6A]▀████▀[color=#FAAC12]▄▄
[color=#3FBEED]██████▄[color=#59BD6A]▀█▀[color=#FAAC12]█████
[color=#3FBEED]█████▀[color=#EA4655]▄███▄[color=#FAAC12]▀▀
[color=#3FBEED]███▀[color=#EA4655]▄██▀▀
[color=#3FBEED]█▀[color=#EA4655]▄█▀▀ [/td][td][url=https://play.google.com/store/apps/details?id=io.arax.cryptowallet][font=century gothic][size=3px]
[size=9px][color=#000][b]GET IN ON
[size=2px]
[size=14px][b][glow=#ab1f6d,2][color=#ab1f6d].[color=#fff]Google Play[color=#ab1f6d].[/glow][/td][td][size=20px][color=#A3A9AA][sup] |[/sup][sub]| [/sub][/td][td][font=century gothic][size=10px][b][url=https://t.me/LaLaWorld][color=#524aaf]TELEGRAM[/url] [url=https://twitter.com/MyLaLaWorld][color=#524aaf]TWITTER[/url]
[url=https://bitcointalk.org/index.php?topic=2268691.4240][color=#ab1f6d]ANN THREAD[/url]
[url=https://www.facebook.com/MyLaLaWorld][color=#524aaf]FACEBOOK[/url] [url=https://medium.com/lala-world][color=#524aaf]MEDIUM[/url]
[/td][/tr][/table][/center] |
|
|
|
|
