Description

Program Terms

Scope

Forwarding API and Wallet API only.
BTC testnet endpoint: https://api.bitaps.com/btc/testnet/v1/
Testnet BTC coins are available on our testnet faucet: https://tbtc.bitaps.com

Report

Only reports that meet the following requirements are eligible to receive a bitcoin reward:

  • You must be the first reporter of the vulnerability
  • The vulnerability must demonstrate security impact to an API in scope
  • You must not have compromised the privacy of our users
  • You must not publicly disclose a vulnerability prior to closing the report and releasing a bug fix.

All bug reports must be submitted to bugbounty@bitaps.com

Ineligibility
  • Vulnerabilities contingent on physical attack, social engineering, spamming, DDoS attack, etc.
  • Vulnerabilities that have been released publicly prior to bitaps.com issuing a comprehensive fix
  • Vulnerabilities already known to us, or already reported by someone else (reward goes to first reporter)
  • Issues that aren't reproducible
  • Missing security headers without proof of exploitability
  • Suggestions on best practices
  • Software version disclosure
  • Any report without an accompanying proof of concept exploit
  • The output from automated tools/scanners
  • Issues without any security impact

Rewards
| Vulnerability | Reward |
|---|---|
| Remote code execution (RCE) | 0.5 BTC |
| Injections (SQLi or equivalent) | 0.3 BTC |
| Local files access and manipulation (LFR, RFI, XXE) without jail/chroot/file type restrictions | 0.3 BTC |
| RCE in standalone isolated / virtualized single-purpose process (e.g. image conversion) | 0.3 BTC |
| SSRF with security impact | 0.3 BTC |
| Server-side vulnerability with information disclosure (e.g. memory leaks / IDORs) of application critical or highly confidential data (e.g. private keys, accounts, passwords) | 0.3 BTC |
| Server-side vulnerability with user and system data security impact (e.g. boost user balances, unauthorized transfers) | 0.5 BTC |
| Admin / support interface authentication bypass | 0.2 BTC |

Program duration

The Bitaps.com Bug Bounty program runs on an ongoing basis.