Bug bounties and wall of fame entries will only be awarded following responsible investigation and reporting. This includes but is not limited to the following:
- No distributed denial of service attacks
- Target your own accounts and respect the privacy of other users
- Initial reporting of the bug should be direct to our team and not publicly released until the issue is resolved.
- No disruption to the service should take place throughout testing and disclosure
Security issues that typically would be eligible (though not necessarily in all cases) include:
- Unauthorized account access
- Unauthorized transmission of funds
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Code Injection
- Remote Code Execution
- Privilege Escalation
- Authentication Bypass
- Leakage of Sensitive Data
- Clients side hash rate manipulation
- Bugs previously submitted by another party
- Social engineering
- Third party application faults
- Unreplicable faults
- Unexploitable or unrealistically exploitable bugs
Minimum reward: 20 JSE
Maximum rewards: 500 JSE
Exact amount will be at the discretion of the team depending on the severity of the issue.
Include your jsecoin email address or userID so we can send a bug bounty.
Please also state if you would like to be included in our hall of fame and provide a link and full name that you wish to use.