Banner object (1)

Hack and Take the Cash !

822 bounties in database
  Back Link to program      
ICONLOOP Inc. logo
Hall of Fame


100 $ 


Software Scope

How to test Auto Signing in the ICONex Chrome Extension

  1. Install ICONex chrome extension __
  2. Request for signing from external web applications using ICONex connect (Please, refer to the signing section in __)
  3. When ICONex shows the following screen, one can choose the "Enable auto signing" feature to allow automatic sign-in without typing in the password for a specified duration of time.
    Screenshot : F523962

  4. During this process, the private key is saved in memory for subsequent sign-ins.

  5. We are keen for you to explore if any third-parties can have access to/expose the private key in step 4.


ICON foundation provides ICON testnet for testing vulnerabilities of hackers.
If the ICON testnet malfunctions during testing, please contact us by email.

Useful ICON Documentation

Out of scope vulnerabilities

There is an audit process that checks vulnerabilities when deploying smart contract on ICON mainnet. The following items are filtered by the audit process and excluded from the vulnerability rewards.

Disclosure Policy

  • As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.
  • Follow HackerOne's disclosure guidelines __.

Program Rules

  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

In Scope

Scope Type Scope Name






Out of Scope

Scope Type Scope Name

This program leverage 7 scopes, in 2 scopes categories.

FireBounty © 2015-2020

Legal notices