Blockport aims to bridge the traditional world of finance and the new digital (crypto) economy.
In 2017 we saw a rising opportunity. The cryptocurrency and blockchain space was blooming and ripe for adoption by the majority of our society. We set out to build a user-friendly exchange that connects social with trading, enabling people to effortlessly trade cryptocurrency and help them adopt the new digital economy. We called our company and platform Blockport - an abbreviation for “Blockchain portal”, providing everyone access to the world of cryptocurrency and blockchain.
We are working hard to ensure a secure and stable product so that we can soon start on-boarding more users with confidence.
Naturally, financial systems come with a great responsibility for anyone involved in the platform's security. Therefore, Blockport requires that all participants:
In turn, Blockport will:
To promote the responsible disclosure of security issues, Blockport will not file a lawsuit against you or ask law enforcement to investigate you if it can clearly determine that your research and disclosure meet the above requirements and overall guidelines.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
This program currently offers no monetary compensation for findings. We aim to find out what reward structure fits us and the community best, and in the meantime we absolutely encourage anyone with a valid security issue to responsibly disclose it to us. Please note that we are planning to add monetary compensation in the future, and we aim to reward very valuable submissions at present as well.
We sincerely thank you for helping make Blockport more secure!
This program only awards points for VRT-based submissions.
Target name | Type
app.blockport.io/api | API
app.blockport.io | Website
blockport.io | Website
Any domain/property of Blockport not listed in the targets section is out of scope. This includes any/all subdomains not listed above.
Target | Description
https://app.blockport.io/api | The backend of the app - all functionality goes through this API. There is currently no public documentation available.
https://app.blockport.io | The application that consumes the API and is the primary interface of Blockport
https://blockport.io | Our marketing site - there isn't much dynamic content here, but if you can find a vulnerability, let us know!
Researchers are free to self-provision and test any of the above assets as they're able to. No credentials or funds will be provided by Blockport at this time.
We ask researchers to focus their efforts in the following areas:
In addition, findings that fall into the “Excluded Submission Types” listed below will also be flagged as out of scope.
Vulnerability reports which do not include careful manual validation - for example, reports based only on results from automated tools and scanners or which describe theoretical attack vectors without proof of exploitability - will be closed as Not Applicable.
This Responsible Disclosure program follows Bugcrowd’s Vulnerability Rating Taxonomy with some additional vulnerability classes we consider to be excluded below:
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.