
Bug Bounty Program


Last updated 2 years ago

1. Guidelines

We ask that all researchers:

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing

  • Use the identified communication channels to report vulnerability information to us

  • Report vulnerabilities as soon as you discover them, but keep them confidential between yourself and Etherscan until we’ve resolved the issue.

  • Provide us with at least 7 working days to investigate the issue and get back to you

2. If you are the first to report the issue, and we make a code or configuration change based on the issue, we commit to:

  • Recognize your contribution on mapnode.io (list below for the last 50 contributors)

  • Reward you with a bounty (up to a maximum of $2500 paid out per month):
    • $1000-$3000 in crypto equivalent if you identified a vulnerability that presented a critical risk *
    • $500 in crypto equivalent if you identified a vulnerability that presented a high risk *
    • $250 in crypto equivalent if you identified a vulnerability that presented a moderate risk *
    • $0 in crypto equivalent if you identified a vulnerability that presented a low risk *
    • Entry in Hall of Fame only, if there was in fact no or low risk vulnerability, but we still made a code or configuration change nonetheless

The researcher will provide us with a BSC BEP20 address for the payout within 7 days after we have resolved the issue.

* Vulnerability level will be determined at our discretion.

** In the event the vulnerability exists in multiple explorers, only the first explorer is entitled to the rewards.

3. Scope

WebSite: We are interested in the following vulnerabilities:

  • Business logic issues
  • Remote code execution (RCE)
  • Database vulnerability, SQLi
  • File inclusions (Local & Remote)
  • Access Control Issues (IDOR, Privilege Escalation, etc)
  • Leakage of sensitive information
  • Server-Side Request Forgery (SSRF)
  • Other vulnerability with a clear potential loss

4. Out of scope

Vulnerabilities found in out of scope resources are unlikely to be rewarded unless they present a serious business risk (at our sole discretion). In general, the following vulnerabilities do not correspond to the severity threshold:

  • Visual typos, spelling mistakes, etc
  • Findings derived primarily from social engineering (e.g. phishing, etc)
  • Findings from applications or systems not listed in the ‘Scope’ section
  • UI/UX bugs, Data entry errors, spelling mistakes, typos, etc
  • Network level Denial of Service (DoS/DDoS) vulnerabilities
  • Certificates/TLS/SSL related issues
  • DNS issues (i.e. MX records, SPF records, etc.)
  • Server configuration issues (i.e., open ports, TLS, etc.)
  • Spam or Social Engineering techniques
  • Security bugs in third-party applications or services
  • XSS Exploits that do not pose a security risk to 'other' users (Self-XSS)
  • Login/Logout CSRF-XSS
  • https/ssl or server-info disclosure related issues
  • https Mixed Content Scripts
  • Brute Force attacks
  • Best practices concerns
  • Recently (less than 30 days) disclosed 0day vulnerabilities
  • Username/email enumeration via Login/Forgot Password Page error messages
  • Missing HTTP security headers
  • Weak password policy

5. How to Report a Security Vulnerability

  • Description of the location and potential impact of the vulnerability
  • A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us)
  • Your name/handle and a link for recognition in our Hall of Fame (twitter, reddit, facebook, hackerone, etc)
  • Email us at support@mapnode.io

https://mapnode.io