The first public crypto exchange, which launched the development of basic infrastructure for the innovative finteсh-projects both in Ukraine and in foreign markets. TOP cryptocurrencies and tokens, high level of security and reliability, user-friendly interface, advanced API and respectful customer support round the clock.
Target | Type | Severity | Reward |
---|---|---|---|
admin.kunapay.io
| Web | Critical | Bounty |
dashboard.kunapay.io
| Web | Critical | Bounty |
api.kunapay.io
| API | Critical | Bounty |
kuna.io
| Web | Critical | Bounty |
api.kuna.io
| API | High | Bounty |
https://apps.apple.com/ua/app/kuna-io-покупка-продажа-btc/id1457062155?l=ru
| iOS | High | Bounty |
https://play.google.com/store/apps/details?id=kuna.beta
| Android | High | Bounty |
money.kuna.io | Web | Low | Reputation |
Target | Type | Severity | Reward |
---|---|---|---|
eos.kuna.io
| Web | None | Bounty |
investors.kuna.io
| Web | None | Bounty |
*.kuna.io | Web | None | Bounty |
[1] Sensitive actions include: depositing, trading, or sending money; OAuth or API Key actions whish lead to stealing user's money
[2] Privileged information includes: passwords, API keys, bank account numbers, social security numbers or equivalent
In some cases, we may reward other best practice or defense in depth reports at our own discretion. All services provided by KUNA Exchange are eligible for our bug bounty program, including the API and Exchange. In general, anything which has the potential for financial loss or data breach is of sufficient severity.
- Strict-Transport-Security
- X-Frame-Options
- X-XSS-Protection
- Host Header
- X-Content-Type-Options
- Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
- Content-Security-Policy-Report-Only
- Certificates/TLS/SSL related issues
- DNS issues (i.e. mx records, SPF records, DMARC records, etc.)
- Server configuration issues (i.e., open ports, TLS, etc.)
Responsible disclosure includes: