Bug Bounty Program
Ethbet takes the security of its websites and applications seriously and runs a bug bounty program in case any mistakes have been made. The program can reward security researchers with cryptocurrency payments for finding critical bugs. Below you can find some information about this program.
Email address for security questions or submissions: [email protected]
The following domains constitute the exclusive scope of Ethbet's bug bounty program. No other domains are eligible or may be tested against:
Guidelines for participants
- Do not publicize bugs before they have been reported and fixed.
- Do not attempt to access or download sensitive information belonging to other users or to Ethbet.
- Do not impact other users with your testing, for example by causing data corruption or denial of service.
- Do not use automated tools or scanners to find vulnerabilities.
- Do not attempt brute forcing or denial of service attacks.
- Do not attempt non-technical attacks such as phishing, social engineering, threats, physical attacks, etc.
- If you are not sure if something is allowed or included within this program, please send an email first.
The following types of issues may be reported but may have reduced or no reward as they may be outside of our control:
- Attacks involving third-party software not controlled by Ethbet (web servers, Ethereum clients, web browsers, third-party libraries)
- Attacks targeting third-party companies such as server providers, domain registrars, social media, CDNs
The following issues are not considered a security bug and are not eligible for reward:
- Optimizations of the site's HTTP headers or CSRF policy
- Optimizations of the site's DNS or email information. Ethbet does not collect user emails or have a mailing list
- A bug that is client-side and cannot affect other users, such as XSS that displays only to yourself
Additional requirements for bug submitters:
- The reported bug must be original and cannot have been already reported.
- You must not exploit any security bugs for your own gain.
- You must not be on the US sanctions list or in a country (e.g. Cuba, Iran, North Korea, Sudan and Syria) on the US sanctions list.
- You must be old enough to be eligible to participate in or receive payment from this program in your jurisdiction.
Rewards for bug bounties vary depending on the severity of the bug found. Larger rewards are reserved for critical bugs, which can currently earn up to 5 ETH. Minor rewards, such as being listed as a contributing security researcher, may also be provided for minor bugs or fixes.
To report a bug, please email the security address ([email protected]) with all related information, including a verbose description, instructions on how to reproduce the issue, a proof of concept if applicable, and any other information that may be relevant.