Total Valid Reports: 4
Crypto Assets Exchange
- 2021/02/16 〜 2021/12/31
- Bounty Range
- ¥5,000 ～ ¥5,000,000
- Only test for vulnerabilities on applications stipulated in the scope section.
Any vulnerabilities reported on out-of-scope applications are not eligible for bounty rewards.
Repetitive processing with tools is prohibited.
Equivalent acts that can degrade the performance of our service are also explicitly prohibited.
Actions and/or tests (including use of the vulnerabilities) that will impact other end users are explicitly prohibited.
Execution of critical confirmation processes, such as deposit and withdrawal processing, shall be kept to a minimum.
- Web application
- Crypto assets (virtual currency) exchange operated by bitbank | Crypto Assets Exchange
- Authentication up to 5,000,000yen
- Remote Code Execution up to 5,000,000yen
- SQL Injection up to 5,000,000yen
- Other up to 500,000yen
- Cross-Site Request Forgery (CSRF) up to 300,000yen
- Not Eligible
- Vulnerabilities found through automated scans or tools
- Hypothetical or theoretical vulnerabilities without actual verification code
- Vulnerabilities that allow brute-forcing of passwords or tokens
- Password, email and account policies, such as email ID verification, reset link expiration, password complexity
- Login/Logout CSRF
- Missing CSRF tokens
- CSRF on forms that are available to anonymous users (e.g. contact form)
- Missing security headers
- Vulnerabilities found in domains out-of-scope
- Vulnerabilities affecting outdated browsers or platforms
- Presence of autocomplete attribute on web forms
- Missing secure flags on non-sensitive cookies
- Reports of insecure SSL/TLS ciphers
- Vulnerabilities that allow username/email enumeration
- Descriptive error messages (e.g. Stack traces, application or server errors)
- Banner disclosure on servers
- Misconfiguration of SPF records, DMARC and DKIM
- Invalid HTTP method
- This program requires you to open an account with bitbank.cc.
For eligibility details, please refer to the "Terms of Service Article 4" of this site.