We use cookies to better provide our services. By using our services, you agree to our use of cookies .

Bug Bounty

Hunt down vulnerabilities for some cold hard JSE

Bug Bounty

JSE Security Bug Bounty

Happy bug hunting!

As part of our continued commitment to ensuring the safety and reliability of the JSEcoin system - we offer a bug bounty scheme for responsible disclosure of security vulnerabilities.

Software security researchers today are increasingly engaged with Internet companies to track issues and security vulnerabilities. Programs by HackerOne, Hacken, Google, Mozilla, and others have helped to create a strong bug-hunting community.

Our bounty program gives a tip of the hat to these researchers for their efforts and provides some cold hard JSE.

If you’ve found a vulnerability, submit it here .

Leaderboard

Wow! Thanks for helping us out.

Our new site just launched - so get those bugs and small tasks in...

Name / Company
Link
Roberto Urbanus
Hawk Cyber Security
Mario Reder
Yosua Kristanto

Rules

Rules for you

  • Don’t attempt to gain access to another user’s account or data.
  • Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
  • Don’t publicly disclose a bug before it has been fixed.
  • Only test for vulnerabilities on sites you know to be operated by JSEcoin and listed under Open Bounties.
  • Don’t use scanners or automated tools to find vulnerabilities. They’re noisy and we may ban your IP address.
  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
  • When in doubt, contact us .

Rules for us

  • We will respond as quickly as possible to your submission.
  • We will keep you updated as we work to fix the bug you submitted.
  • We will not take legal action against you if you play by the rules.

What does not qualify?

  • Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari).
    • Bugs related to browser extensions are also out of scope.
  • Bugs requiring exceedingly unlikely user interaction.
  • Insecure cookie settings for non-sensitive cookies.
  • Disclosure of public information and information that does not present significant risk.
  • Bugs that have already been submitted by another user, that we are already aware of, or that have been classified as ineligible.
  • Bugs in applications not listed under Open Bounties are generally not eligible. Look at individual bounties for details on scope.
  • Vulnerabilities that JSE determines to be an accepted risk will not be eligible for a paid bounty or listing on the site.
  • Scripting or other automation and brute forcing of intended functionality.
  • For guidance, we have listed the Vulnerability classifications we use to organize submissions made to the bounty program.
  • Bugs related to email spoofing, clickjacking or social engineering.
  • When in doubt, contact us .

Rewards

Payment in cryptocurrency

Minimum reward: 1,000 JSE
Maximum rewards: 100,000 JSE

Exact amount will be at the discretion of the team depending on the severity of the issue.

Please try and include as much information as possible in the report so the developers can reproduce and resolve the issue.
Please also state if you would like to be included in our hall of fame and provide a link and full name that you wish to use.

Submit a Bug

Already found an issue - know of a problem?