Banner object (1)

Hack and Take the Cash !

756 bounties in database
31/08/2017
Monero logo

Monero

The Monero Project

  1. Read and abide by our Vulnerability Response Process __
  2. Provide an XMR address within the report if you wish to receive bounty (assuming that the report is valid)
    • PoC within a report will most likely result in more bounty than not

Scope

!!! DO NOT SUBMIT CSRF / XSS RELATED REPORTS. THEY WILL BE CLOSED AS NOT APPLICABLE !!!

This primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.

If you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!

Project-specific policies:

Only the projects listed in our Vulnerability Response Process __are considered in scope.

Other projects, such as the Monero forum, are either being deprecated or are out of scope.

Note: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. The live sites are NOT in scope, only the code is!

Thanks
Gift
Hall of Fame
Reward


List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2019