Trustee Plus has initiated a dynamic Bug Bounty Program, aimed to harness the expertise of white-hat hackers to augment the security infrastructure of the Trustee project. This initiative is a golden opportunity for cybersecurity enthusiasts and professionals to showcase their skills and contribute to making the Trustee ecosystem more secure and robust than it presently is. Below we detail the reward structure and essential guidelines for participation.
Reward Structure
The program offers a tiered reward system based on the severity of the identified vulnerabilities. Participants can expect the following bounty ranges:
| Critical | $2,000 – $3,000 |
| High | $1,000 – $2,000 |
| Medium | $500 – $1,000 |
| Low | $100 – $500 |
Program Scope
Scope of Vulnerabilities
| https://apps.apple.com/ua/app/trustee-plus-crypto-neobank/id1634455978 | IOS |
| https://play.google.com/store/apps/details?id=com.trusteeplus | Android |
In-Scope Vulnerabilities
We invite participants to focus their efforts on identifying the following potential vulnerabilities:
- Business logic issues
- Payments manipulation
- Remote code execution (RCE)
- Injection vulnerabilities (including SQL, XXE)
- File inclusions (both local & remote)
- Access control issues (such as IDOR, privilege escalation, etc.)
- Leakage of sensitive data
- Server-Side Request Forgery (SSRF)
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Directory traversal
- Other vulnerabilities with clear potential for loss
The program excludes the following vulnerabilities from the scope:
- Attacks necessitating physical access to a user’s device
- Vulnerabilities demanding root/jailbreak
- Issues requiring substantial user interaction
- Exposure of non-sensitive data on the device
- And other specified criteria from the original document
Event Statement
- Make every effort not to damage or restrict the availability of products, services, or infrastructure
- Avoid compromising any personal data, interruption, or degradation of any service
- Don’t access or modify other user data, localize all tests to your accounts
- Perform testing only within the scope
- Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam
- Don’t spam forms or account creation flows using automated scanners
Join us in this collaborative effort to bolster the Trustee Plus ecosystem’s security infrastructure. Your expertise can help carve a safer and more secure future for all Trustee users!
Leave a Reply