API Bug Bounty program
Scope: Only BTC testnet API endpoints
Description
Program Terms
Scope
Forwarding API and Wallet API, BTC testnet endpoint only:
https://api.bitaps.com/btc/testnet/v1/
Testnet BTC coins are available from our testnet faucet:
https://tbtc.bitaps.com
Report
Only reports that meet the following requirements are eligible to receive a bitcoin reward:
- You must be the first reporter of the vulnerability
- The vulnerability must demonstrate security impact on an API in scope
- You must not have compromised the privacy of our users
- You must not publicly disclose a vulnerability prior to closing the report and releasing a bug fix.
All bug reports must be submitted to bugbounty@bitaps.com
Ineligibility
- Vulnerabilities contingent on physical attack, social engineering, spamming, DDoS attack, etc.
- Vulnerabilities that have been released publicly prior to bitaps.com issuing a comprehensive fix
- Vulnerabilities already known to us, or already reported by someone else (reward goes to first reporter)
- Issues that aren't reproducible
- Missing security headers without proof of exploitability
- Suggestions on best practices
- Software version disclosure
- Any report without an accompanying proof of concept exploit
- The output from automated tools/scanners
- Issues without any security impact
Rewards
Vulnerability | Reward |
---|---|
Remote code execution (RCE) | 0.5 BTC |
Injections (SQLi or equivalent) | 0.3 BTC |
Local file access and manipulation (LFR, RFI, XXE) without jail/chroot/file type restrictions | 0.3 BTC |
RCE in standalone isolated / virtualized single-purpose process (e.g. image conversion) | 0.3 BTC |
SSRF with security impact | 0.3 BTC |
Server-side vulnerability with information disclosure (e.g. memory leaks / IDORs) of application critical or highly confidential data (e.g. private keys, accounts, passwords) | 0.3 BTC |
Server-side vulnerability with user and system data security impact (e.g. boost user balances, unauthorized transfers) | 0.5 BTC |
Admin / support interface authentication bypass | 0.2 BTC |
Program duration
The Bitaps.com Bug Bounty program runs on an ongoing basis.