Our team runs a variety of websites/databases/software/tools to manage the
Eobot website. These are all in scope, specifically:
We are most interested in attacks that can steal coins from our site, as cryptocurrency is irreversible.
Let us know if you want a small amount of coins/GHS, if it helps with any testing.
Out of scope/off limits:
-autocomplete is meant to be on
-leakage to chatango/google analytics ok
-vulns in 3rd party plugins, like paypal/chatango/google analytics are out of scope
-brute force of easy passwords is possible
-poodle is known and ok
-session still valid after password change ok
-bugs in the basic bitcoin core are not eligible, e.g. bitcoind/dogecoind
|Scope Type||Scope Name|
The progam has been crawled by Firebounty on 2014-11-02 and updated on 2019-08-06, 43 reports have been received so far.