No technology is perfect and blockchain is one of them, SpesCoin believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any our platform. If you believe you’ve found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly. Please review the following program rules before you report a vulnerability. By participating in this program, you agree to be bound by these rules.
The following domains and applications are within the scope of this program:
- Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
While researching, we’d like to ask you to refrain from:
- Denial of service to SpesCoin services or customers’ services
- Degrading performance or service of SpesCoin services or our customers’ services
- Spamming (even self-spamming)
- Social engineering (including phishing) of any SpesCoin users and developers
In order to be eligible for a bounty, you must meet the following requirements:
- You must be the first reporter of the vulnerability
- Vulnerability must be associated with a domain or application listed above and not applicable to the above exclusions
- You must not publicly disclose the vulnerability without our prior discretion
- Vulnerability must have a clearly identified security impact and presented with enough information for investigation and reproduction by SpesCoin developers
Any vulnerabilities reported with the following criteria are not eligible for a bounty:
- Affecting an ineligible scope
- Only affecting outdated browsers/platforms
- Only affecting the executing user (self-XSS and similar)
- Applicable only through social engineering
- Pretense being you already have access to affected account (or user’s browser)
- Vulnerabilities considered by SpesCoin to be of low severity
SpesCoin will determine in its own discretion whether a reward should be granted and the amount of the reward. Depending on their impact, not all reported issues qualify for a SPES reward. However, all reports are reviewed on a case-by-case basis.
You must comply with all applicable laws in connection with your participation in this program. You are also responsible for any applicable taxes associated with any reward you receive.
Thank you for helping keep SpesCoin platform and our users safe!
How to announce safety leaks at SpesCoin
For detailed information of safety leaks, please use the below stated form: