Banner object (1)

Hack and Take the Cash !

800 bounties in database
  Back Link to program      
07/03/2019
ICONLOOP Inc. logo
Thanks
Gift
Hall of Fame
Reward

Reward

100 $ 

In Scope

Scope Type Scope Name
undefined https://github.com/icon-project/iconex_chrome_extension
web_application https://github.com/icon-project/loopchain
web_application https://github.com/icon-project/icon-service
web_application https://github.com/icon-project/earlgrey
web_application https://github.com/icon-project/icon-commons
web_application https://github.com/icon-project/icon-rpc-server

Out of Scope

Scope Type Scope Name
web_application https://github.com/icon-project/governance

ICONLOOP Inc.

Software Scope

How to test Auto Signing in the ICONex Chrome Extension

  1. Install ICONex chrome extension __
  2. Request for signing from external web applications using ICONex connect (Please, refer to the signing section in https://github.com/icon-project/iconex_chrome_extension/tree/master/docs/iconex_connect __)
  3. When ICONex shows the following screen, one can choose the "Enable auto signing" feature to allow automatic sign-in without typing in the password for a specified duration of time.
    Screenshot : F523962

  4. During this process, the private key is saved in memory for subsequent sign-ins.

  5. We are keen for you to explore if any third-parties can have access to/expose the private key in step 4.

Testnet

ICON foundation provides ICON testnet for testing vulnerabilities of hackers.
If the ICON testnet malfunctions during testing, please contact us by email.

Useful ICON Documentation

Out of scope vulnerabilities

There is an audit process that checks vulnerabilities when deploying smart contract on ICON mainnet. The following items are filtered by the audit process and excluded from the vulnerability rewards.

Disclosure Policy

  • As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.
  • Follow HackerOne's disclosure guidelines __.

Program Rules

  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

FireBounty © 2015-2019

Legal notices