TTC Connect is a lightweight wallet designed specifically for TTC, used to receive and send TTC safely and easily!
In Scope
Target | Type | Severity | Reward |
---|---|---|---|
TTC Connect Wallet https://itunes.apple.com/us/app/ttc-connect-wallet/id1436822085?mt=8 | iOS | Critical | Bounty |
 | Android | Critical | Bounty |
TTC Connect APK | Android | Critical | Bounty |
In-Scope Vulnerabilities
We are interested in the following vulnerabilities:
- Remote code execution and stored XSS
- Database vulnerability, SQLi
- Privilege escalation (both vertical and horizontal)
- Data breach
- Authentication bypass
- Obtaining sensitive information
- IDOR/authorization vulnerabilities resulting in exposure of personal data.
- Password attacks
- Access to source code
- Shell inclusion
- Server Side Request Forgery (SSRF)
- Remote code execution: e.g. through a maliciously-crafted web-site or an email
- Local privilege escalation: e.g. situations when the App allows a non-privileged user or other application to gain Administrator or System rights
Note: The current version of the application operates over HTTP.
- Avoid compromising any personal data, interruption or degradation of any service.
- Don’t access or modify other user data, localize all tests to your accounts.
- Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
- If you find chained vulnerabilities, we pay only for the vulnerability with the highest severity.
- Only the first valid bug is eligible for reward.
- Don’t disclose publicly any vulnerability until you are granted permission to do so.
- Don’t break any law and stay in the defined scope.
- The existence or any details of this private program must not be communicated to anyone who is not a member of the HackenProof Team or an authorized employee of this Company.
- Comply with the rules of the program.
- The rewards will be paid out in HKN based on the current price.