DIFX Bug Bounty Program: Hunt Bugs For Rewards


Over a month ago, we partnered with HackenProof, a Web3.0 bug bounty platform, to use crowdsourced security to keep our platform safe and secure at all times. The program covers our website, our iOS and Android mobile apps, and our APIs.

Here’s all you need to know about the program:

If you find a vulnerability according to the bounty rules, you’ll be eligible to receive rewards based on severity level:

  • Critical: $2500 – $3000
  • High: $600 – $900
  • Medium: $100 – $150
  • Low: $50 – $100

Reports should cover vulnerabilities in these categories:

  • Business logic issues
  • Payment manipulation
  • Remote code execution (RCE)
  • Injection vulnerabilities (SQL, XXE)
  • File inclusion (local and remote)
  • Access control issues (IDOR, privilege escalation, etc.)
  • Leakage of sensitive information
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Stored Cross-Site Scripting (XSS)
  • Directory traversal
  • Other vulnerabilities with a clear potential for loss

Here are some rules that you should follow:

  • Avoid using automated web application vulnerability scanners, which generate massive traffic
  • Do not damage or restrict the availability of products, services, or infrastructure
  • Avoid compromising any personal data, or interrupting or degrading any service
  • Don’t access or modify other users’ data; confine all tests to your own accounts
  • Perform testing only within the scope
  • Don’t exploit any DoS/DDoS vulnerabilities, use social engineering attacks, or send spam
  • Don’t spam forms or account creation flows using automated scanners
  • If you find chained vulnerabilities, only the vulnerability with the highest severity will be eligible for payment
  • Don’t break any law, and stay within the defined scope
  • Details of found vulnerabilities must not be communicated to anyone who is not a HackenProof team member or an authorized employee without appropriate permission

Remember, not all vulnerabilities are eligible for this program. To see the detailed list of vulnerabilities that fall under the “Out of Scope” category, check our program on HackenProof.

What is HackenProof?

HackenProof is a Web3.0 bug bounty platform that connects businesses in the crypto space with the global hacker community to uncover security issues in their products. The platform has more than 10,000 active hackers and hosts open bug bounty programs for top crypto platforms such as Avalanche, CoinGecko, and VeChainThor.

What are you waiting for? Go bug hunting now!

© Copyright 2024 DIFX Limited All rights reserved