We’re inviting the community to help test the security of our products. Bounties pay from $150 to $2,500, depending on the severity of the vulnerabilities discovered in our software.
We’re opening a programme of bug bounties to hackers with the hope that you’ll help us make it more robust, secure and easy to use.
We’re focusing on front-end functionality at this point, though of course if you find a significant bug that doesn’t strictly fall into that category we want to know about it and will be happy to reward you for drawing it to our attention!
To decide on the category of bug and level of rewards, we’re using Bugcrowd’s Vulnerability Rating Taxonomy — take a look and familiarise yourself with how bugs are ranked and rewarded. In all cases bugs may be recategorised (both up and down) if their severity needs to be reconsidered. (If that happens, we will of course ensure that we explain our decision in detail to the researcher who discovers the bug, justifying the reasons for recategorisation and any change in the rewards offered. Should you disagree with the decision, there is an appeals process.)
Bug categories and bounties are as follows:
You’ll find more information on the bugcrowd page, including information about the credentials you’ll need to use the platform and further guidelines. Please observe these to ensure that everyone gets a fair chance at discovering bugs and collecting the bounties. The bounty programme will run for one month, until 24 October 2018.
Thank you for your interest and efforts in helping us to make our exchange more secure and user-friendly! We look forward to working with you.
For more information about ChronoBank and background on our software and ecosystem, visit www.ChronoBank.io. Happy hunting!