TTC | Mobile

TTC

TTC Connect, a lightweight wallet designed specifically for TTC, it was used to receive and send TTC safely and easily!

In Scope

Target Type Severity Reward
iOS Critical Bounty
Android Critical Bounty
Android Critical Bounty
Severity (CVSSv3) Reward
Critical 5000$
High 2500$
Medium 750$
Low 250$

In-Scope Vulnerabilities


We are interested in next vulnerabilities:

  • Remote code execution and stored XSS
  • Database vulnerability, SQLi
  • Privilege escalation (both vertical and horizontal)
  • Data breach
  • Authentication bypass
  • Obtaining sensitive information
  • IDOR/authorization vulnerabilities resulting in exposure of personal data.
  • Password attacks
  • Access to source code
  • Shell inclusion
  • Server Side Request Forgery (SSRF)
  • Remote code execution: e.g. through a maliciously-crafted web-site or an email
  • Local privilege escalation: e.g. situations when App allows a non-privileged user
  • Other application to gain Administrator or System rights

!Note: Current version of application operates over HTTP.

  • Avoid compromising any personal data, interruption or degradation of any service .
  • Don’t access or modify other user data, localize all tests to your accounts.
  • Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
  • In case you find chain vulnerabilities we pay only for vulnerability with the highest severity.
  • Only the first valid bug is eligible for reward.
  • Don’t disclose publicly any vulnerability until you are granted permission to do so.
  • Don’t break any law and stay in the defined scope.
  • The existence or any details of this private program must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company.
  • Comply with the rules of the program.
  • The rewards will be paid out in HKN based on the current price.