Block.io Bug Bounty Program

Block.io encourages responsible disclosure of security vulnerabilities through this bug bounty program. By helping us resolve potentially hazardous issues, you're keeping the Bitcoin/Dogecoin community safe.

Responsible Disclosure

Responsible disclosure includes:

• Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
• Making a good faith effort to not leak or destroy any Block.io user data.
• Not defrauding Block.io users or Block.io itself in the process of discovery.

In order to encourage responsible disclosure, we promise not to bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines.

Rewards

The minimum payout is $10 for reporting a previously unknown security vulnerability of sufficient severity with possibility for direct exploitation. There is no maximum reward, and we may award higher amounts based on severity or creativity of the vulnerability found. We may reward the minimum bounty in cases where our security is adjusted for better defense in depth, but no direct exploitation is possible.

Eligibility

Block.io reserves the right to decide if the minimum severity threshold is met and whether it was previously reported.

In general, anything which has the potential for financial loss or data breach is of sufficient severity, including:

• XSS
• Authentication bypass or privilege escalation
• Click jacking
• Remote code execution
• Obtaining user information

In general, the following would not meet the threshold for severity:

• Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website
• Denial of service
• Spamming
• Vulnerabilities in third party applications which make use of the Block.io API

Important : When reporting a vulnerability, you must provide an attack scenario and/or examples of the attack. Without this, we reserve the right to reject the bug as Not Applicable.

Thank you for your service!