We have developed a revolutionary new digital payments ecosystem that allows anyone to transact digital funds via their smartphone. Our ecosystem is powered by our very own blockchain Electroneum.
Our mobile-based payments solution is powered by our own cryptocurrency called ETN (Electroneum). ETN is a store of value that can be used to purchase everyday items, from bread and milk, to mobile phone top ups. When used in conjunction with the Electroneum mobile application, users can transfer ETN to anyone in an instant, either in person or remotely.
Electroneum believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Thank you for helping us keep Electroneum and our users safe!
Complying with the Bug Bounty Program policy requires researchers to adhere to “Responsible Disclosure”. Responsible Disclosure includes:
Electroneum considers Social Engineering attacks against Electroneum employees to be a violation of Program Policies. Researchers engaging in Social Engineering attacks against Electroneum employees will be banned from the Electroneum Bug Bounty program. We define Social Engineering as acts that influence people to perform security-impacting actions or divulge confidential information.
In order to be deemed valid, a report must demonstrate a software vulnerability in a service provided by Electroneum that harms Electroneum or Electroneum users.
Reports that include a clear Proof of Concept or specific step-by-step instructions to replicate the vulnerability are considerably more effective at communicating a researcher’s findings and are therefore far more likely to be deemed valid.
A report must be a valid, in scope report in order to qualify for a bounty. Electroneum awards bounties based on severity of the vulnerability. We determine severity based on two factors: Impact and Exploitability.
Impact describes the effects of successful exploitation upon Electroneum systems or users. We make this assessment primarily by examining the effects of exploitation on confidentiality, integrity, or availability of underlying information. Vulnerabilities that require considerable response and remediation efforts or could result in reputational damage are also considered to have greater impact. For example:
Exploitability describes the difficulty of actively exploiting the vulnerability itself. We make this assessment primarily based on the prerequisites for exploitation, including level of access required, availability of information critical for successful exploitation, and likelihood of alignment of required factors outside the attacker's direct control such as social engineering requirements or timing requirements. For example:
Severity is determined as a combination of Impact and Exploitability. For example:
To give researchers general guidelines on the rewards that can be expected for a given report, Electroneum uses the severity of a report to place it into one of the following tiers. The reward for each tier can be found at the top of the bounty page.
The rewards for each tier are minimum bounties for the tier. Bonuses in excess of the tier minimum can be awarded based on the severity of the vulnerability or creativity of the exploitation. Researchers are also more likely to earn a larger reward for exceptionally clear and high-quality reports.
Previous bounty amounts are not considered precedent for future bounty amounts. Software is constantly changing, and therefore the exact same vulnerability can have drastically different security impacts at different times in the development timeline.
The Electroneum Bug Bounty program scope covers all the services listed below:
All assets on the below domains, except services provided by third parties:
The following mobile apps:
When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:
Electroneum will make a best effort to meet the following SLAs for hackers participating in our program:
Please follow HackerOne’s disclosure guidelines.
Extra disclosure policy points
The public Electroneum program on the HackerOne platform was updated on 2019-08-03. The lowest reward is $50.