We reward you if you find a bug in the Inlock system!

Our primary task is to provide our services in the most secure way possible, balancing usability against security considerations. Although we have done everything we can to eliminate all possible attacks against our systems, there is always a chance that we have missed an attack point that represents a significant vulnerability. If you discover a bug, please report it to us so that we can fix the problem as soon as possible. We offer a reward for finding significant bugs!

Help us become even stronger and more secure!

Are you ready to help us improve our services? Great, please be sure to follow the rules below:

  • Do not spam our infrastructure or harass our colleagues; social engineering of any kind is not tolerated. Please do not try to perform a distributed denial of service (DDoS) attack. Although our infrastructure and staff are protected against these attacks, we know there is no universal protection against these kinds of attack vectors.
  • For investigation, please use your own account only!
  • Do not violate the privacy of other customers.
  • Do not target or try to access other customers’ accounts.
  • Do not delete, erase or destroy any data.
  • Do not stop any services or switch them into other states.
  • Send your findings and reports only to us. Otherwise you lose the right to a reward.
  • Give us a reasonable amount of time to fix the bug before disclosing it to anyone else, and give us adequate written warning before disclosing it to anyone else.
  • In general, please investigate and report bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to us or our users. Otherwise your actions might be interpreted as an attack rather than an effort to be helpful.

Eligibility

The following bugs are eligible for our rewards:

  • Code injection or remote code execution in our main infrastructure
  • Privilege escalation, access to any administration function
  • Authentication bypass, access to restricted functions
  • Leakage of sensitive, private or other customers’ business data
  • Cross-site scripting (XSS) or clickjacking

In special cases, other kinds of bugs can also be eligible for a reward, but in those cases you have to prove how the bug harms our infrastructure or data protection. Theoretical bugs that are valid but not exploitable are also ineligible.

Ineligibility

Things that are not eligible for reward include:

  • Vulnerabilities on sites hosted by third parties (drift.com, Chatra, etc.) unless they lead to a vulnerability on the main website.
  • Data or request metadata exposed to our trusted third-party service providers (including data processing parties, based on the privacy policy)
  • Vulnerabilities and bugs on the INLOCK blogs (inlock.io/blog, medium.com/@INLOCK)
  • Vulnerabilities contingent on physical attack, social engineering, spamming, DDoS attack, etc.
  • Vulnerabilities affecting outdated or unpatched browsers.
  • Vulnerabilities in third party applications that make use of INLOCK’s API.
  • Bugs that have not been responsibly investigated and reported.
  • Bugs already known to us, or already reported by someone else (reward goes to first reporter).
  • Issues that aren’t reproducible.
  • Issues that we can’t reasonably be expected to do anything about.

Rewards

  • The minimum reward for eligible bugs is the equivalent of 100 USD in ILK tokens.
  • Depending on our assessment, we can pay higher rewards for serious issues, but the classification is our privilege.
  • We pay only one reward per bug.

How to report

  • Send your bug report to [email protected]
  • Try to include as much information in your report as you can, including a description of the bug, its potential impact, and steps for reproducing it or proof of concept.
  • Include your Ethereum address for payment.
  • Please allow 5 business days for us to respond before sending another email.