IOTA Foundation (www.iota.org) is a not-for-profit foundation based in Berlin, Germany, with the mission to support the development and standardisation of new distributed ledger technologies (DLT). To drive the future economy of interconnected and autonomous devices, the IOTA Founders established the Foundation and developed the ideas behind the Tangle architecture. The IOTA Tangle is an innovative type of DLT specifically designed for large-scale transactions and the Internet of Things (IoT) environment.
We are inviting researchers to test our latest mobile and desktop wallet: Trinity. It is aimed at non-technical consumers of IOTA technology, allowing them to access the network with a simple and fool-proof UI. The application has been developed using React Native for iOS and Android, and Electron for Windows, macOS and Linux.
We hope this program helps deliver a safer wallet to the consumers of IOTA technology.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.
Last updated 13 Feb 2020 00:32:51 UTC
| Technical severity | Reward range |
|---|---|
| P1 Critical | Up to $1,500 |
| P2 Severe | Up to $900 |
| P3 Moderate | Up to $300 |
| P4 Low | Up to $100 |

P5 submissions do not receive any rewards for this program.
| Target name | Type |
|---|---|
| IOTA Desktop Client (all Operating Systems) | Other |
| IOTA Android Client | Android |
| IOTA iOS Client | iOS |
Any domain/property of the IOTA organization not listed in the targets section is out of scope. This includes any/all subdomains not listed above.
Binaries can be downloaded here
Mono-repo Source Code
The applications are built to be standalone; they do not require any servers from the IOTA Foundation to run.
They ship with a pre-populated list of IOTA nodes to enable a quick start for new users. This list can be changed in the settings. If you would like to run your own node to connect with the Trinity wallet, you can follow a tutorial here.
Any contact forms or issue submission functions within the app are live. However, it is best to submit through this platform.
The application can be used without credentials by following the internal setup process. However, upon request, researchers will be provided with one SEED that contains 40Ki of IOTA tokens (see below for obtaining a seed).
These tokens are real and are valid on the main IOTA network. This is equal to 40,000 tokens, which is roughly $0.6 USD. The minimum amount that can be sent on the network is 1 token and there are no fees, so you will be able to send these tokens back and forth between multiple wallets.
Each researcher will be given one SEED. Please follow the guide below to obtain credentials.
1.) To request access to the program, first log into your Bugcrowd researcher account.
2.) Once signed in, please email firstname.lastname@example.org to request credentials.
3.) Bugcrowd will distribute your seed/wallet as quickly as possible.
The application's core functionality is threefold:
Ensuring the security of these functions is of the greatest importance to the Foundation and ultimately the users of the wallet.
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
| Scope Type | Scope Name |
|---|---|
| Android | IOTA Android Client |
| iOS | IOTA iOS Client |
| Other | IOTA Desktop Client (all Operating Systems) |
This program was first found on Bugcrowd on 2018-10-25.