The eosfinex Bug Bounty

Two weeks ago we launched the eosfinex testnet to great excitement from the eosfinex development team.

With a huge milestone reached, our attention has now shifted towards our upcoming beta exit to signal the complete launch of eosfinex.

To assist with this we are pleased to announce the start of the eosfinex bug bounty program, featuring rewards worth up to $10000 for the discovery of potential exploits.

Specifications

• The eosfinex UI can be found at paper.eosfinex.com/#/.
• The sidechain API eos node HTTP API is at api-paper.eosfinex.com with the contract “eosfinex” for the exchange and “eosio.token” as the token contract.
• On mainnet we use “finexpaprgtw” as gateway account. All transfers to our sidechain go through this account.
• The WebSocket API is located at: wss://api-paper.eosfinex.com/ws/.
• Our WebSocket client library, already open-source: github.com/bitfinexcom/sunbeam.
• Importer for historical data: github.com/bitfinexcom/moonbeam-history.
• A utility REST endpoint: github.com/bitfinexcom/moonbeam / URL: api-paper.eosfinex.com/rest.

Bug Bounty Rules

• The eosfinex bug bounty will be judged according to common bug bounty severity classifications as judged by the eosfinex team.
• Only software-related security bugs count.
• If a submission is accepted, payouts will go to the first submitter of the issue.

Eligibility

Any bug that acts as a serious vulnerability, either to the security of our site or the integrity of our system, can be eligible. Please keep in mind that all issues are up to the discretion of the eosfinex team.

This includes (in some cases):

• Cross-Site Request Forgery (CSRF)
• Cross-Site Scripting (XSS)
• Remote Code Execution (RCE)
• Code Injection
• Privilege Escalation
• Authentication Bypass
• Clickjacking
• Leakage of Sensitive Data

Submissions

Please direct all submissions towards forms.gle/2Ty1rcEfNRkrBqnC6. Please include the following components:

• A complete description of the attack vector.
• Steps required to reproduce the vulnerability.
• An overview of expected vs actual results.
• Your email address.
• EOS address for payment.

We look forward to reviewing your submissions and preparing eosfinex for mainnet launch with your help.

The eosfinex development team will be active in our Telegram channel to discuss any potential issues further.

The eosfinex testnet is here! Try it out on paper.eosfinex.com.

For tutorials on how to navigate the eosfinex beta, visit ‘Tutorials and Lessons’.

Follow eosfinex on Twitter, Telegram & LinkedIn for up-to-date developments and announcements.