Sign In 
Sign Up 
Total Reports:69
Total Valid Reports:23
Opened
bitbank
- Program
- bitbank
Crypto Assets Exchange - Program Logo
-
- Period
- 2022/01/01 〜 2022/12/31
- Bounty Range
- ¥5,000 ~ ¥5,000,000
- Rules
- Only test for vulnerabilities on application stipulated in scope section.
Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards.
Repetitive processing with tools are prohibited.
equivalent act that can degrade the performance of our service are also explicitly prohibited.
Actions and/or tests (including use of the vulnerabilities) that will impact the other end users are explicitly prohibited.
Execution of critical confirmation process like Deposit and withdrawal processing shall be as minimum as possible. - Scope
-
- Web application
- Name
- bitbankが運営する暗号資産(仮想通貨)取引所 | Crypto Assets Exchange
- URL
- https://bitbank.cc
- Domain
- bitbank.cc
- app.bitbank.cc
- api.bitbank.cc
- Eligible
For Bounty -
- Authentication up to 5,000,000yen
- Remote Code Execution up to 5,000,000yen
- SQL Injection up to 5,000,000yen
- other up to 500,000yen
- Cross-Site Request Forgery (CSRF) up to 300,000yen
- Not Eligible
For Bounty -
- Vulnerabilities found through automated scans or tools
- Hypothetical or theoretical vulnerabilities without actual verification code
- Vulnerabilities with capability of brute force against password or tokens
- Password, email and account policies, such as email id verification, reset link expiration, password complexity
- Login/Logout CSRF
- Missing CSRF tokens
- CSRF on forms that are available to anonymous users (e.g. contact form)
- Missing security headers
- Vulnerabilities found in domains out-of-scope
- Vulnerabilities affecting outdated browsers or platforms
- Presence of autocomplete attribute on web forms
- Missing secure flags on non-sensitive cookies
- Reports of insecure SSL/TLS ciphers
- Vulnerabilities with capability of username/email enumeration
- Descriptive error messages (e.g. Stack traces, application or server errors)
- Banner disclosure on servers
- Misconfiguration of SPF record, DMARC and DKIM
- Invalid HTTP method
- Notes
- This program requires you to open an account with bitbank.cc.
For eligibility details, please refer to the "Terms of Service Article 4" of this site.
Bounty Reward History
-
2022/08/31 08:22
paid for Private 's report
-
2022/08/31 08:21
paid for Private 's report
-
2022/07/29 16:02
paid for Patelankit 's report
-
2022/05/30 07:22
paid for Private 's report
-
2022/05/30 07:22
paid for Auswahlen 's report
-
2022/03/28 16:02
paid for Auswahlen 's report
-
2022/03/28 15:39
paid for MinWan 's report
-
2022/02/28 17:56
paid for strikersatya 's report
-
2021/10/29 09:11
paid for jumpei 's report
-
2021/08/30 19:17
paid for kazkiti 's report
-
2021/08/30 19:15
paid for Patelankit 's report
-
2021/08/30 19:14
paid for Private 's report
-
2021/08/30 19:12
paid for Private 's report
-
2021/06/30 09:22
paid for 0daystolive 's report
-
2021/05/31 15:46
paid for mineo 's report
-
2021/05/31 15:45
paid for Private 's report
-
2021/05/31 15:43
paid for niwasaki 's report
-
2021/05/31 15:42
paid for mage 's report
-
2021/04/19 17:55
paid for Private 's report
-
2021/04/19 17:53
paid for Ibnu 's report
-
2021/04/19 17:51
paid for Private 's report
-
2021/04/08 18:12
paid for payloadartist 's report
bitbank,inc.
- Available Program:
- 1
- Closed Program:
- 0
- Bounties Range:
- ¥ 5,000 〜 ¥ 5,000,000
- Reward Type:
-
Top Hackers
-
1
Private
750pts
-
2
Patelankit
234 pts
-
3
payloadartist
150 pts
-
4
0daystolive
150 pts
-
5
Private
150pts
-
6
Auswahlen
60 pts
-
7
Private
51pts
-
8
Ibnu
50 pts
-
9
MinWan
50 pts
-
10
niwasaki
30 pts