14711 policies in database
Link to program      
2021-02-16
bitbank logo
Thank
Gift
HOF
Reward

Reward

5000 ¥ 

bitbank

Rules

Only test for vulnerabilities on application stipulated in scope section.

Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards.
Repetitive processing with tools are prohibited.
equivalent act that can degrade the performance of our service are also explicitly prohibited.
Actions and/or tests (including use of the vulnerabilities) that will impact the other end users are explicitly prohibited.
Execution of critical confirmation process like Deposit and withdrawal processing shall be as minimum as possible.

Scope

Web application

Name

bitbankが運営する暗号資産(仮想通貨)取引所 | Crypto Assets Exchange

URL

  • https://bitbank.cc

Domain

  • bitbank.cc
  • app.bitbank.cc
  • api.bitbank.cc

Eligible For Bounty

  • Authentication up to 5,000,000yen
  • Remote Code Execution up to 5,000,000yen
  • SQL Injection up to 5,000,000yen
  • other up to 500,000yen
  • Cross-Site Request Forgery (CSRF) up to 300,000yen

Not Eligible For Bounty

  • Vulnerabilities found through automated scans or tools
  • Hypothetical or theoretical vulnerabilities without actual verification code
  • Vulnerabilities with capability of brute force against password or tokens
  • Password, email and account policies, such as email id verification, reset link expiration, password complexity
  • Login/Logout CSRF
  • Missing CSRF tokens
  • CSRF on forms that are available to anonymous users (e.g. contact form)
  • Missing security headers
  • Vulnerabilities found in domains out-of-scope
  • Vulnerabilities affecting outdated browsers or platforms
  • Presence of autocomplete attribute on web forms
  • Missing secure flags on non-sensitive cookies
  • Reports of insecure SSL/TLS ciphers
  • Vulnerabilities with capability of username/email enumeration
  • Descriptive error messages (e.g. Stack traces, application or server errors)
  • Banner disclosure on servers
  • Misconfiguration of SPF record, DMARC and DKIM
  • Invalid HTTP method

Notes

This program requires you to open an account with bitbank.cc.

For eligibility details, please refer to the "Terms of Service Article 4" of this site.

In Scope

Scope Type Scope Name
web_application

https://bitbank.cc

web_application

bitbank.cc

web_application

app.bitbank.cc

web_application

api.bitbank.cc


Firebounty have crawled on 2021-02-16 the program bitbank on the platform Bugbounty.Jp.

FireBounty © 2015-2021

Legal notices