Topic: [BUG BOUNTY] ARAX— Your Universal Crypto Wallet (Read 466 times)
AraxApp
(OP)
Copper Member
Newbie
Offline
Activity: 5
Merit: 0
[BUG BOUNTY] ARAX— Your Universal Crypto Wallet
March 12, 2019, 09:30:18 AM
Last edit: April 05, 2019, 05:29:26 AM by AraxApp
#1
ARAX BUG BOUNTY IS LIVE NOW.
Win up to $5,000 for critical exploits
We leave no stone unturned in maintaining and ameliorating our Arax Crypto Wallet to provide our users with an efficient, multiple-Blockchain supporting Wallet that is easy and safe to use. However, nothing is perfect and there is always room for improvisation. We would appreciate and reward your help in making us aware of our weaknesses and security vulnerabilities to help us work on them and bring to you an unrivaled product.
DOWNLOAD ARAX APP NOW
Policy
We request the security research community to provide us with a reasonable time span to fix a vulnerability before bringing it into daylight. Our appeal to you is to submit a detailed description of the bug that you encountered along with the possible measures that we can take to reproduce your observation.
While doing this, we request you to be conscious of our users' privacy, data confidentiality, and integrity. We highly prioritize the privacy of our community and would greatly value your assistance in preserving it. Please be mindful of the fact that we cannot work in coordination with any individual who is a violator of applicable laws or regulations, exploiter of a security issue or who attempts to access the data of other users.
We promise to review your submitted report and address the security challenges faced by you in a timely manner. We will also maintain communication with you during the investigation and inform you once the issue is resolved. We will refrain from taking legal action against you or initiating a legal investigation of you if you've made a good faith effort to abide by this policy.
This bug bounty program is dedicated to being aware of online security issues that can potentially affect Arax users. In case you are encountering issues with your individual account, then please mail us on support@arax.io.
Key Points
- Target is Arax Android App – Available on Google Play Store and iOS App Store.
- Arax.io is not part of the Bug Bounty Program.
- Bug bounty program will run from 5th April - 31st May 2019
- Audit reports will be released after the 7th June 2019.
- This program is not open to minors.
- Arax (LALA World) reserves the right to modify the rules for this program or deem any submissions invalid at any time. Arax may cancel the Bug Bounty program without notice at any time.
In Scope Vulnerabilities
High Priority (P1)
- Remote Code Execution (RCE)
- Remote File Inclusion (RFI)
- Significant Authentication Bypass
Medium Priority (P2)
- SQL Injection
- Authorization Flaw
- Sensitive Data Exposure
- Server Side Request Forgery (SSRF)
Low Priority (P3)
- Cross Site Scripting
- Cross-Site Request Forgery (CSRF)
- Open Redirect on Sensitive Parameter
- Improper Direct Object Reference (IDOR)
- Open Redirect
Out of Scope Vulnerabilities
We request you to consider attack scenario/exploit-ability along with the security impact of the issue when reporting a vulnerability. We have mentioned certain types of attacks which are out of scope and won’t be considered in this program. These include:
- Repudiation of service attacks
- Denial of Service
- Phishing attacks
- Social engineering attacks
- Reflected file download
- Disclosure of Software version
- Problems demanding direct physical access
- Bugs requiring remarkably unlikely user interaction
- Vulnerabilities impacting out-of-date browsers and plugins
- Publicly accessible login panels
- CSV injection
- Email enumeration / account oracles
- CSP Vulnerabilities
- Email Spoofing
- Content redaction bypasses (evading the (Hidden by Arax) filter)
Eligibility
All rights of analyzing whether the minimum severity threshold is met and also if the issue has been previously reported, are reserved by Arax Team. Rewards are given completely according to the discretion of Arax Team.
To qualify for a reward under this program, you should:
- You must join LALA World Official Telegram Group.
- Be the first individual to report the bug. Send a clear written description of the problem faced, along with the steps to reproduce the bug.
- Attach files like screenshots or proof of concept code as required.
- Reveal the bug report directly and exclusively to Arax team.
- Mention the impacted endpoints, URL(s) and any other parameters.
Report a bug
- Prepare a detailed report of the bug inclusive of the description of the bug, steps to reproduce the bug, its potential impact and screenshots of the bug reported.
- Upload your bug report here.
- Include your wallet address where you would like to receive the payment.
- Please share your active email ids only, when signing up for the campaign.
- Please allow us 7 business days to respond.
Disclosure Policy and Rules of Participation
- Do not create multiple accounts to perform testing of Arax applications and services.
- Do not perform brute force testing to check if rate limiting is in place for certain APIs or parts of functionality.
- Social engineering (e.g. phishing, vishing, smishing) is strictly forbidden.
- Make a good faith effort to evade violation of privacy, data destruction, and disruption or degradation of our service.
- You are allowed to test the Arax mobile app and demonstrate its vulnerabilities only from your own account. Hacking into another individual’s account is strictly prohibited.
- We have only mentioned the minimum reward amount below under each category. Our aim is to be fair while granting reward which is totally at our discretion.
- The employees of LALA World or any of its partner companies or the authors of the code where the security flaws have been reported, cannot participate in the Arax Bug Bounty hunt.
Rewards
Our maximum bounty is $5,000.
Reward amounts may vary in regards to the severity, difficulty to exploit, and effect of the reported bug. You will receive your bounty within a time span of 2 weeks from the date of triage in case your report is the chosen winner.
Please note that reward decisions are up to the discretion of Arax. We do not reward for duplicate reports. Examples of issues that may be considered to be lower severity given additional context include:
- A reflected XSS that has minimal impact (only works in some browsers, can’t be used to steal session information) Self-XSS
- An RCE on an asset that doesn’t house production data.
- Note that bounties will be paid in BTC or ETH.
- We will also be rewarding people who will give us unique and creative suggestions regarding enhancement of our App security and services.
Technical Severity and their Reward Range
P1 High :- $200 - $500
P2 Medium :- $100 - $200
P3 Low :- $25 - $100
For any bounty related queries or questions, ask only in Bounty Support Group.
Tim1996
Member
Offline
Activity: 181
Merit: 30
Re: [BUG BOUNTY] ARAX— Your Universal Crypto Wallet
April 01, 2019, 07:06:38 AM
#2
Quote from: Capt.Morris on April 01, 2019, 07:04:48 AM
Audit reports will be released on 1st April 2019
Today is 1st April.
The Bug bounty is over, head towards the tap bounty channel to know the winners.