[BOUNTY] 0.03 BTC for testing

[btc_enigma]

0.03 BTC for first one who reports 3 major bugs in staging website http://www.blockonomics.co:1947

Definition of major bugs :
can corrupt data, or crash a system, security loophole / majorly impends functionality of the service


Notes

• Don't test Login with gmail functionality . It redirects to the production site, Register with email and login
• User should recieve an email on debit / credit of bitcoins in his address , if he is subscribed to email notification
• If address is tagged, notifications / activity logs should contain the tag instead of the address
• Staging website is http, don't worry about this. Production is running on https
• More details can be found here https://bitcointalk.org/index.php?topic=880995.msg9861010#msg9861010

If you report any minor bugs too , that catch my attention; I would consider a bonus 0.01 BTC

[1715547362]

1715547362

[1715547362]

1715547362

[1715547362]

1715547362

[Joca97]

0.03 BTC for first one who reports 3 major bugs in staging website http://blockonomics:1947

Definition of major bugs :
can corrupt data, or crash a system, security loophole / majorly impends functionality of the service


Notes

• Don't test Login with gmail functionality . It redirects to the production site, Register with email and login
• User should recieve an email on debit / credit of bitcoins in his address , if he is subscribed to email notification
• If address is tagged, notifications / activity logs should contain the tag instead of the address
• More details can be found here https://bitcointalk.org/index.php?topic=880995.msg9861010#msg9861010

If you report any minor bugs too , that catch my attention; I would consider a bonus 0.01 BTC

the site dosent work!

[btc_enigma]

0.03 BTC for first one who reports 3 major bugs in staging website http://blockonomics:1947

Definition of major bugs :
can corrupt data, or crash a system, security loophole / majorly impends functionality of the service


Notes

• Don't test Login with gmail functionality . It redirects to the production site, Register with email and login
• User should recieve an email on debit / credit of bitcoins in his address , if he is subscribed to email notification
• If address is tagged, notifications / activity logs should contain the tag instead of the address
• More details can be found here https://bitcointalk.org/index.php?topic=880995.msg9861010#msg9861010

If you report any minor bugs too , that catch my attention; I would consider a bonus 0.01 BTC

the site dosent work!

Sorry for typo, fixed now

[Small]

This could potentially overload the server --
You can click register over and over and over again and it sends an activation email every time.
Though it's not that major that you can register again even though you're registered.

[hexafraction]

Is there no way to change a password?

[viriat0]

0.03 BTC for first one who reports 3 major bugs in staging website http://www.blockonomics.co:1947

Definition of major bugs :
can corrupt data, or crash a system, security loophole / majorly impends functionality of the service


Notes

• Don't test Login with gmail functionality . It redirects to the production site, Register with email and login
• User should recieve an email on debit / credit of bitcoins in his address , if he is subscribed to email notification
• If address is tagged, notifications / activity logs should contain the tag instead of the address
• Staging website is http, don't worry about this. Production is running on https
• More details can be found here https://bitcointalk.org/index.php?topic=880995.msg9861010#msg9861010

If you report any minor bugs too , that catch my attention; I would consider a bonus 0.01 BTC

Good service!

It will be very useful!

[rozee]

its doesnt work on mobile version right?
in my android its not smooth

[kenw2]

its doesnt work on mobile version right?
in my android its not smooth

Not working on my android either. 

[btc_enigma]

its doesnt work on mobile version right?
in my android its not smooth

Not working on my android either.  

Yes mobile version isn't completely supported yet

[Nerazzura]

It work for my phone (android versi 4.2)
Hope u make for android aplication too

[BitcoinAddicts]

just a suggestion
you should work on your site design
i love your idea behind this
it is a good feature to monitor our wallet transaction with email

[btc_enigma]

Is there no way to change a password?

Yes, right way there is no way to change password. Only way is to mail administrator to deactivate account, they you can reregister with new password

[btc_enigma]

just a suggestion
you should work on your site design
i love your idea behind this
it is a good feature to monitor our wallet transaction with email

Good service!

It will be very useful!

Thanks a lot for your support . You can post suggestions  / monitor updates to our service on our project development thread https://bitcointalk.org/index.php?topic=880995.msg9861010

Cheers !

[franckuestein]

Hi @btc_enigma! I was analyzing your site to check everything and know if there are problems and that are my suggestions  

Site have a Javascript problem know as:
TypeError:
undefined is not a function (evaluating '$("input[type='tel']").intlTelInput({ defaultCountry: "auto" })')

You can solve it easily:

• Make sure you have all the scripts pointing to the correct location in your workspace.
• Add, jQuery and reference to the scripts after the control.

Remark that you're using jQuery v2.1.1 on your site, just as a reminder  

Check it out everything and seems to be ok, site looks really good!

[akula999]

slight spelling error - when clicking on login with an incorrect username/password - invalid emailid (no spaces) shows up. Email ID...

Not sizing properly on android and on linux\ubuntu - tolerable

Script pointing needs a little cleaning

Once you're logged in, there is no way to log out.

Other than that, not bad...

[josef2000]

When I do some small configs. THIS HAPPENS... Not going to say how until bounty given. So every hacker can steal the password easily





Password register problem. Not going to say how until bounty given



You can register an already registered google plus account email(e.g test@gmail.com). when you login, you can access all the data on the google plus account.

e.g some one logged in with test@gmail.com GOOGLE PLUS. But I can still register ac account with test@gmail.com, which has all the information the google plus account has saved.

Mainly uses public scripts:



Small errors:
Cant go back from register page to homepage without forcing back button.
Always shows balances approx 30 min behind the blockchain in adress watcher (not immidiate update of balance)

[btc_enigma]

When I do some small configs. THIS HAPPENS... Not going to say how until bounty given. So every hacker can steal the password easily

In your html , you have changed the type of input box from password to text. This is not a bug. You are trying to undermine your own security

You can register an already registered google plus account email(e.g test@gmail.com). when you login, you can access all the data on the google plus account.

Can you show me proof of this. You cannot login until you click the email link containing the activation code

I have already paid for similar bounties https://bitcointalk.org/index.php?topic=889020.msg9835960#msg9835960 and lot of people are monitoring this thread. If you want to give excuses for not revealing the bug and claiming bounty, this is not going to happen.

Small errors:
Cant go back from register page to homepage without forcing back button.
Always shows balances approx 30 min behind the blockchain in adress watcher (not immidiate update of balance)

This is correct, it waits for 2 confirmations. You can see synced till block on dashboard

[josef2000]

When I do some small configs. THIS HAPPENS... Not going to say how until bounty given. So every hacker can steal the password easily

In your html , you have changed the type of input box from password to text. This is not a bug. You are trying to undermine your own security

You can register an already registered google plus account email(e.g test@gmail.com). when you login, you can access all the data on the google plus account.

Can you show me proof of this. You cannot login until you click the email link containing the activation code

I have already paid for similar bounties https://bitcointalk.org/index.php?topic=889020.msg9835960#msg9835960 and lot of people are monitoring this thread. If you want to give excuses for not revealing the bug and claiming bounty, this is not going to happen.

Small errors:
Cant go back from register page to homepage without forcing back button.
Always shows balances approx 30 min behind the blockchain in adress watcher (not immidiate update of balance)

This is correct, it waits for 2 confirmations. You can see synced till block on dashboard

Thats how hackers could easily get your password.

I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same

[vm_mpn]

Oh! What a wonderful idea for a service / website. May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked. Just thinking out loud. Bravo!

[franckuestein]

@btc_enigma, did you solved the scripts pointing to the correct location as well as the scripts references?
Me and a user after my comment reported that problem and I just want to know if everything is ok now and your site is fully optimized

Thanks!

[btc_enigma]

@btc_enigma, did you solved the scripts pointing to the correct location as well as the scripts references?
Me and a user after my comment reported that problem and I just want to know if everything is ok now and your site is fully optimized

Thanks!

Hey thanks, we are still fixing it

[btc_enigma]

Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same

I have checked the database you tried to register test@test.com, but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of test@test.com can still login with his/her googleplus account

[hexafraction]

Update

hexafraction AT gmail DOT com  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly

[btc_enigma]

Please don't post my email directly

Sorry, edited

[btc_enigma]

Oh! What a wonderful idea for a service / website. May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked. Just thinking out loud. Bravo!

thanks, please considering subscribing to our project development thread https://bitcointalk.org/index.php?topic=880995.0. You can follow updates to our site here.

May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked

Sorry, I didnt get this . Can you elaborate on how this should work?

[btc_enigma]

None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty

[hexafraction]

None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty

1G45ku6gQfiNYmPJoFaaMAYD2mx9zq16E

May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked

Sorry, I didnt get this . Can you elaborate on how this should work?

I think the idea was something along the lines of blockonomics having a private key for multisig and using it to co-sign the transaction with an external key.

[whitewhidow]

Update

xxxxxxxxx  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly

Sorry, edited

edited, but its still in all your quotes guys ,  lol

[btc_enigma]

tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46

[franckuestein]

tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46

I think that we didn't found major bugs on the site but @akula999 and me made some suggestions on the code/style and Query's, so maybe a tip could be nice!  
Some browsers detect it as a problem so sending recommendations to you is helping, too  

[josef2000]

Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same

I have checked the database you tried to register test@test.com, but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of test@test.com can still login with his/her googleplus account

I tried with another email, a gmail.
I successfully registered, but also can login with google plus with that email without the website password. All the informations saved in that account is same as the normal Email account(Wallet-watcher)

Email jcl051000@gmail.com

You need to try to register an gmail-Email. Then register an account with it on your website.
When you try to use Googleplus to login with that email, without even knowing the password of the website.