2017-08-31
2019-08-06

Monero

The Monero Project

  1. Read and abide by our Vulnerability Response Process

  2. Provide an XMR address within the report if you wish to receive a bounty (assuming that the report is valid)

    • A report that includes a PoC will most likely receive a larger bounty than one without

Scope

!!! DO NOT SUBMIT CSRF / XSS RELATED REPORTS. THEY WILL BE CLOSED AS NOT APPLICABLE !!!

This primarily exists to help us find critical vulnerabilities in the Monero applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (the Monero site uses Jekyll and produces static HTML) or metadata leaks from volunteer hosting infrastructure.

If you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!

Project-specific policies:

Only the projects listed in our Vulnerability Response Process are considered in scope.

Other projects, such as the Monero forum, are either being deprecated or are out of scope.

Note: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. The live sites are NOT in scope, only the code is!


FireBounty crawled the Monero program on the HackerOne platform on 2017-08-31.
