🎗 BSCStation Bug Bounty Program

🔥 The BSCStation Platform V2 has officially launched and we will host a Bug Bounty Program to enhance the community's experience via our users' feedback with valuable rewards for your contribution!

🤝 We also have awards for supportive contributors who give helpful suggestions to improve the BSCStation Platform.

⏰ Time: 10 AM October 21st - 10 AM October 31st (UTC)

🎁 Reward: 10,000 BUSD

✨ Critical bug: 200 BUSD/ each

✨ Normal bug: 100 BUSD/ each

💖 The Supportive: 10 BUSD/ each

⚙️ If you find any bugs while accessing the BSCStation Platform, please submit a detailed report via this LINK.

‼️ Immediately email support@bscstation.org if it is a critical bug.

🔗 The BSCStation Quality Assurance team will perform a check to determine whether the bug is a critical bug or a normal bug and calculate the reward.

🌟 BSCStation will contact the contributor to send the reward via the submitted email.

📕 Detail of the BSCStation Bug Bounty Programs

BSCStation Bug Bounty Program Rules

• Please disclose vulnerabilities privately via this LINK or through our email: support@bscstation.org.

• Public disclosure of a vulnerability would make it ineligible for a reward.

• Social engineering (e.g. phishing, vishing, smishing) is prohibited.

• Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.

• Submit one vulnerability per report unless you need to chain vulnerabilities to provide impact.

• When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).

• Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.

• Only interact with accounts you own or with the explicit permission of the account holder.

• Avoid using web application scanners for automatic vulnerability searching, which generates massive traffic.

• Don’t access or modify other user data; localize all tests to your accounts.

• Perform testing only within the scope

• Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam.

• Don’t spam forms or account creation flows using automated scanners

• Don’t break any law and stay within the defined scope.

• Please note that only vulnerabilities with a working proof of concept that shows how they can be exploited will be considered eligible for monetary rewards.

• Any details of found vulnerabilities must not be communicated to anyone who is not an authorized employee of BSCStation without appropriate permission.

• Terms and conditions of the bug bounty process may vary over time.

Requirements

We require that researchers:

• Do not access customer or employee personal information, pre-release BSCStation content, or confidential information. If you accidentally access any of these, please stop testing and submit the vulnerability.

• Stop testing and report the issue immediately if you gain access to any non-public application or non-public credentials.

• Do not degrade the BSCStation user experience, disrupt production systems, or destroy data during security testing.

• Perform research only within the scope.

• Submit any necessary screenshots, screen captures, network requests, reproduction steps or similar.

• When investigating a vulnerability, please only target your own account and do not attempt to access data from anyone else’s account.

• Securely delete BSCStation information that may have been downloaded, cached, or otherwise stored on the systems used to perform the research.

If you fulfill these requirements, BSCStation will:

• Work with you to understand and attempt to resolve the issue quickly

• Pay you for your research for unique vulnerabilities that meet the guidelines listed if you are the first to report the issue to us.

• To encourage responsible disclosure, BSCStation will not file a lawsuit against you or ask law enforcement to investigate you if we determine that your research and disclosure meets these requirements and guidelines.

• If you have any questions regarding the BSCStation Bug Bounty Program, please reach out to support@bscstation.org

IN-SCOPE VULNERABILITIES

We are interested in the following vulnerabilities:

• Unauthorized remote code execution

• Domain takeover

• Injection attacks

• Leaked secrets or sensitive information

• Denial of service - application level

• Account takeover

• Access control flaws

• Application layer denial-of-service

• Other vulnerability with a clear potential loss

OUT-OF-SCOPE VULNERABILITIES

Vulnerabilities found in out-of-scope resources are unlikely to be rewarded unless they present a serious business risk (at our sole discretion). In general, the following vulnerabilities do not correspond to the severity threshold:

• Vulnerabilities in third-party applications

• Unexploitable theoretical or best practices concerns

• Recently (less than 30 days) disclosed 0day vulnerabilities

• Vulnerabilities affecting users of outdated browsers or platforms

• Social engineering, spam, phishing, physical, or other fraud activities

• Most brute-forcing issues without clear impact

• Network DoS/DDoS issues

• Non-sensitive Information Disclosure

• Clickjacking/Tapjacking and issues only exploitable through clickjacking/tap jacking

• Self-XSS that cannot be used to exploit other users

• Missing cookie flags on non-sensitive cookies

• CSRF on unauthenticated endpoints

• OPTIONS/TRACE HTTP method enabled

• Host header issues without proof-of-concept demonstrating the vulnerability

• Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS

• Any attacks requiring physical access to a user's device

• CSP issues unless exploitable with POC

Disclosure Guidelines

• Do not discuss any vulnerabilities (even resolved ones) outside of the program without express consent from BSCStation.

• No vulnerability disclosure, including partial, is allowed for the moment.

• Please do NOT publish/discuss bugs

Eligibility and Coordinated Disclosure

We are happy to thank everyone who submits valid reports which help us improve the security and enhance the community’s experience on the BSCStation Platform. However, only those that meet the following eligibility requirements may receive a monetary reward:

• You must be the first reporter of a vulnerability.

• The vulnerability must be a qualifying vulnerability

• Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through support@bscstation.org.

• You must send a clear textual description of the report along with steps to reproduce the issue, including attachments such as screenshots/videos or proof of concept code as necessary.

• You must not be a former or current employee of BSCStation or one of our contractors.

• Provide detailed but to-the-point reproduction steps

• We strive to maintain a healthy relationship with the security research community and base our report evaluation on industry norms and logical reasoning. However, in case of any disputes, our decision is final.

About BSCStation

BSCStation - The fully decentralized protocol for launching new ideas. An all-in-one Incubation Hub with a full-stack Defi platform across all main blockchain networks. We provide exclusive services including IDO/INO Launchpad, Yield farming, NFT Auction, Marketplace, and BSCSwap

BSCStation operates on top of all the main blockchain networks and is designed to offer maximum value to consumers and institutions.

BSCStation platform uses the Sharing Economy Model for the purpose of profit-sharing, helping users to access DeFi platforms in the easiest, safest, and most cost-effective way. BSCStation is the most convenient bridge to connect users and application products on all main blockchain networks.

Website|Telegram|Substack |Twitter |Discussion |Youtube

Comments

[Shezi1122]

I'm so happy to join this great project