Security Vulnerability Bounty Centrifuge OS

[pstehlik]

Why We Care About Security

No technology is perfect or perfectly secure. Centrifuge believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of all our users.

If you believe you've found a security issue in our product or service, we encourage you to notify us. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users and we will reward valid, in-scope submissions with a bounty.

Please refer to the Centrifuge Security Vulnerability Disclosure page for further information on how to disclose any vulnerability you might find.

Rewards

The minimum reward is 100 DAI.
The reward depends on the vulnerability severity and ease of exploit that were submitted.
Payments are made via our pre-funded Gitcoin bounty.

Rewards will only be granted for the first submission of any valid in-scope vulnerability. The reward will be granted only to the first researcher to submit a valid in-scope submission through the official e-mail account security@centrifuge.io. Please refer to the Centrifuge Security Vulnerability Disclosure page for further information on how to disclose any vulnerability you might find.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 5000.0 DAI (5000.0 USD @ $1.0/DAI) attached to it as part of the centrifuge fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $98,588.13 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 316 years from now.
Please review their action plans below:

1) sachincool has started work.

take time in recon and Find what the company software does, Look at the in-scope vectors to find out what would the best starting point.
See what functionality does the software provides and If there's any way to bypass input sanitization.
look at several other company-owned domains for numerous vulnerabilities like the Owasp-top-10

Tools I'm going to use: Burp (Mostly), Amass, Sublist3r, LinkFinder, JsParser. few others depending on what Stack I find.
2) davidbanu has started work.

I will look for any vulnerability in the code and manual test it...
3) roony0072 has started work.

I am going to check URL through MXToolbox.
Also will use Burp Suite.

Learn more on the Gitcoin Issue Details page.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 5000.0 DAI (5000.0 USD @ $1.0/DAI) has been submitted by:

1. @roony0072

@pstehlik please take a look at the submitted work:

• (Link Not Provided) by @roony0072

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $133,006.63 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

⚡️ A tip worth 200.00000 DAI (200.0 USD @ $1.0/DAI) has been granted to @roony0072 for this issue from @. ⚡️

Nice work @roony0072! To redeem your tip, login to Gitcoin at https://gitcoin.co/explorer and select 'Claim Tip' from dropdown menu in the top right, or check your email for a link to the tip redemption page.

• $132545.10 in Funded OSS Work Available at: https://gitcoin.co/explorer
• Incentivize contributions to your repo: Send a Tip or Fund a PR
• No Email? Get help on the Gitcoin Slack

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This Bounty has been completed.

Additional Tips for this Bounty:

• tipped 200.0000 DAI worth 200.0 USD to roony0072.

---

• Learn more on the Gitcoin Issue Details page
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $127,535.82 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 5000.0 DAI (5000.0 USD @ $1.0/DAI) attached to it as part of the Centrifuge fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $131,949.74 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 316 years, 1 month from now.
Please review their action plans below:

1) evertonmelo has started work.

add issues for requeriments and prevent possibles splits or broken.
2) naderakhlagh has started work.

Bounty add dap fjkrac dbjrev gtb. Vbyfer. Fg
3) lucasvo has started work.

Deprecating this bounty will be replaced with another program.
4) officialhackercommunity has started work.

I am an ethical hacker and pentestor an i have tested many apps and website security and also work with many company
my question can i test and perform ll security test on website
5) andyafter has started work.

Hey there I am very interested in this project. How could I apply for it and what would the work proccess be?

Learn more on the Gitcoin Issue Details page.

[aahutsal]

@pstehlik seems you've renewed that issue on Gitcoin. How to get notified about new PRs needed to be checked?

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This Bounty has been completed.

Additional Tips for this Bounty:

• tipped 200.0000 DAI worth 200.0 USD to roony0072.

---

• Learn more on the Gitcoin Issue Details page
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $127,274.51 more funded OSS Work available on the Gitcoin Issue Explorer