The Coinzilla Bug Bounty Program was created to reward the users that invest their time into helping us improve the security and the overall functionality of our platform.
Through this program, we provide monetary compensation for vulnerabilities that were discovered and reported to our team in a responsible manner.
Criteria for eligibility
Any bug that poses a significant vulnerability, either to the security of our platform or the integrity of our brand, could be eligible for the program.
However, it’s entirely up to our team to decide whether a bug is serious enough to be considered a threat and therefore eligible for the reward. Some of the security issues that are usually eligible (though not necessarily in all cases) include:
- Cross-Site Request Forgery (CSRF);
- Cross-Site Scripting (XSS);
- Code Injection;
- Remote Code Execution;
- Privilege Escalation;
- Authentication Bypass;
- Leakage of Sensitive Data.
Bugs that are not eligible for reporting
Any bug or security issue that our team has no control over is not eligible for our bug bounty program. This includes, but is not limited to, the following:
- Vulnerabilities on sites hosted by third parties, unless they pose a threat to our main website;
- Vulnerabilities caused by physical attacks, social engineering, spamming, DDOS attack, etc;
- Vulnerabilities caused by outdated or unpatched browsers;
- Vulnerabilities in third-party applications that make use of Coinzilla’s API.
- Bugs that were not investigated and reported responsibly;
- Bugs that were already reported to our team (the reward goes to the first person who reported it);
- Issues that aren't reproducible.
The minimum reward for eligible bugs is the equivalent of €100 in Bitcoin or Ethereum. However, the compensation will increase based on the gravity of the issue reported.
Besides the monetary compensation (and our eternal gratitude), you can also choose to have your name and an URL of your choice displayed on our website’s Wall of Fame section.
How to Report a Bug
To report a bug, send us an email at [email protected]
Your email should include as much information as possible about the bug, including a description, possible solutions, its potential impact, and steps to reproduce it or proof of its existence.
Don’t forget to also include your BTC address for payment.
Notice: It may take us up to 2 business days to get back to you.
Responsible Investigation and Reporting
Coinzilla encourages you to always operate within legal boundaries when trying to identify potential security issues.
Some general rules that ensure a responsible investigation and reporting process include, but are not limited to, the following:
- Don't violate the privacy of other users, destroy data, disrupt our services, etc.;
- Only target your own accounts in the process of investigating a bug;
- Don't target our physical security measures or attempt to use social engineering, spam, distributed denial of service (DDOS) attacks, etc.;
- Report the bug in a responsible manner, and only to Coinzilla;
- Be patient while waiting for a reply, and do not disclose the bug to anyone else. If you decide to do so, give us a notice beforehand;
- In general, please investigate and report bugs in a way that makes a reasonable, good-intentioned effort not to be disruptive or harmful to us or to our users. Otherwise, your actions might be interpreted as an attack rather than an effort to be helpful.