FundRequest / platform

FundRequest platform code (core)

Home Page: https://fundrequest.io

As a security auditor I log a medium security breach in FundRequest platform

alpa-coder opened this issue · comments

Description

As FundRequest we want our community to audit the platform to make sure we get the best audit possible.


Scope of Ticket

For automated testing, use the staging environment:

  • Find a Medium security breach

A medium security breach as described in the OWASP risk rating methodology:
[image: OWASP risk rating matrix]


Reward

The first reward is $1,000 in tokens, for each subsequent major security issue the bounty is lowered by $100 in tokens.


Precondition

  • The auditor must be logged into fundrequest
  • The auditor must have experience in pentesting, security audits, ...

Flow: Create Pull Request

  • Create a new issue in this repository
  • Edit
    https://github.com/FundRequest/platform/blob/develop/vulnerabilities.md
  • Add your name as an auditor
  • Describe the security breach using the example template
    [screenshot: example template]
  • Create a pull request with a reference to the GitHub issue you created, this will be used by the FundRequest platform. (How to reference an issue in a GitHub Pull request?)
  • FundRequest administrator(s) will review the pull request and validate the reported issue

Postcondition

  • The auditor successfully created a ticket and pull request
  • The FundRequest team has successfully reviewed the pull request and funded the issue with $1,000 (or less) in tokens
  • The FundRequest team merges the pull request
  • The auditor can claim the funds

Acceptance criteria

  • The reported issue is considered a medium security breach as stated in the ticket
  • The security breach has to be unique.
  • The first person reporting the breach will be awarded the bounty.
  • The timestamp of the pull request will be used to define the first person who reported the security breach.
  • The bug may only be reported in this FundRequest GitHub repository and cannot be made public on other platforms/media without the consent of the FundRequest team.
  • Determinations of eligibility, rewards and all terms related to an award are at the sole and final discretion of the FundRequest team.
  • The bug is first discussed with the team on Telegram before disclosing


This issue has been funded using FundRequest. A developer can claim the reward by submitting a pull request referencing this issue. (How to Close Issues via Pull Requests?) e.g. fixes #537

  • For more help on how to claim an issue, please visit our help section.
  • Looking for more? Feel free to browse through all funded requests.


Thank you @akhilcryptos for your code contribution. The reward linked to this issue has been transferred to your account.

  • Payment details can be tracked on Etherscan
  • Looking for more? Feel free to browse through all funded requests.