Trustee Plus Bug Bounty Program: Empowering White Hats to Enhance Security

Trustee Plus has initiated a dynamic Bug Bounty Program, aimed at harnessing the expertise of white-hat hackers to augment the security infrastructure of the Trustee project. This initiative is a golden opportunity for cybersecurity enthusiasts and professionals to showcase their skills and contribute to making the Trustee ecosystem more secure and robust. Below we detail the reward structure and essential guidelines for participation.

Reward Structure

The program offers a tiered reward system based on the severity of the identified vulnerabilities. Participants can expect the following bounty ranges:

  • Critical: $2,000 – $3,000
  • High: $1,000 – $2,000
  • Medium: $500 – $1,000
  • Low: $100 – $500

Program Scope

Scope of Vulnerabilities

In-Scope Vulnerabilities

We invite participants to focus their efforts on identifying the following potential vulnerabilities:

  • Business logic issues
  • Payments manipulation
  • Remote code execution (RCE)
  • Injection vulnerabilities (including SQL, XXE)
  • File inclusions (both local & remote)
  • Access control issues (such as IDOR, privilege escalation, etc.)
  • Leakage of sensitive data
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Directory traversal
  • Other vulnerabilities with clear potential for loss

The program excludes the following vulnerabilities from the scope:

  • Attacks necessitating physical access to a user’s device
  • Vulnerabilities demanding root/jailbreak
  • Issues requiring substantial user interaction
  • Exposure of non-sensitive data on the device
  • And other specified criteria from the original document

Event Statement

  • Make every effort not to damage or restrict the availability of products, services, or infrastructure
  • Avoid compromising any personal data and avoid interrupting or degrading any service
  • Don’t access or modify other users’ data; localize all tests to your own accounts
  • Perform testing only within the scope
  • Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam
  • Don’t spam forms or account creation flows using automated scanners

Join us in this collaborative effort to bolster the Trustee Plus ecosystem’s security infrastructure. Your expertise can help carve a safer and more secure future for all Trustee users!

