15/04/2019

200 HKN 

CODEX Exchange

CODEX is a licensed trading platform for cryptocurrencies & digital assets, built on vanguard security infrastructure and a revolutionary reward system. CODEX offers some of the lowest fees on the market and a trade mining program.

Scope

In Scope

Target | Type | Severity | Reward
---|---|---|---
codex.one | Web | Critical | Bounty
api.codex.one | API | Critical | Bounty

Rewards

Severity (CVSSv3) | Reward
---|---
Critical | 3000$
High | 1500$
Medium | 500$
Low | 200$

Focus Area

In-Scope Vulnerabilities


  • Remote Code Execution (RCE)
  • Authentication bypass
  • Theft of privileged information
  • XSS/CSRF/Clickjacking affecting sensitive actions (excluding Self-XSS and logout CSRF)
  • Privilege escalation
  • Database vulnerability, SQL Injection
  • Manipulation of account balance
  • Other vulnerability with clear potential for financial or data loss

Out-of-Scope Vulnerabilities


  • Theoretical vulnerabilities without actual proof of concept
  • Email verification deficiencies, expiration of password reset links, and password complexity policies
  • DNS issues (e.g. MX records, SPF records, etc.)
  • Clickjacking/UI redressing with minimal security impact
  • Email or mobile enumeration (E.g. the ability to identify emails via password reset)
  • Information disclosure with minimal security impact (E.g. stack traces, path disclosure, directory listings, logs)
  • Internally known issues, duplicate issues, or issues which have already been made public
  • Tab-nabbing
  • Self-XSS
  • Vulnerabilities only exploitable on out-of-date browsers or platforms
  • Vulnerabilities related to auto-fill web forms
  • Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality
  • Use of known vulnerable libraries without actual proof of concept
  • Lack of Secure/HTTPOnly flags on non-security-sensitive cookies
  • Issues related to unsafe SSL/TLS cipher suites or protocol version
  • Content spoofing
  • Cache-control related issues
  • Exposure of internal IP address or domains
  • Missing security headers that do not lead to direct exploitation
  • CSRF with negligible security impact (E.g. adding to favorites, adding to cart, subscribing to a non-critical feature)
  • Physical or social engineering attempts (this includes phishing attacks against employees)
  • Issues that have no security impact (E.g. Failure to load a web page)
  • Assets that do not belong to CODEX Exchange
  • UI and UX bugs and spelling or localization mistakes
  • Vulnerabilities in third-party applications
  • Reports that state that software is out of date/vulnerable without a proof of concept
  • Disclosure of known public files or directories, (e.g. robots.txt)
  • Weak Captcha
  • Recently disclosed 0day vulnerabilities
  • Most brute forcing issues
  • Denial of service
  • Spamming

Program Rules

  • Avoid compromising any personal data, interruption or degradation of any service.
  • Don’t access or modify other users’ data; confine all tests to your own accounts.
  • Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
  • If you find a chain of vulnerabilities, we pay only for the vulnerability with the highest severity.
  • Only the first valid bug is eligible for reward.
  • Don’t disclose publicly any vulnerability until you are granted permission to do so.
  • Don’t break any law and stay in the defined scope.
  • Any details of found vulnerabilities must not be communicated to anyone who is not a member of the HackenProof Team or an authorized employee of this Company without appropriate permission.
  • Comply with the rules of the program.

Actions to avoid


  • Testing on accounts other than those that you own
  • Automated testing using tools such as scanners
  • Excessive request attempts
  • Destruction of data

Disclosure Guidelines

  • Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
  • Making a good faith effort to not leak or destroy any CODEX Exchange user data.
  • Not defrauding CODEX Exchange users or CODEX itself in the process of discovery.

Non-security Related Issues

Please submit a request ticket at https://support.codex.one. Thank you for your efforts in helping keep CODEX Exchange and its users safe!


FireBounty (c) 2015-2019