The SDK allows developers and communities to easily integrate TTC Protocol into their services which will grant access to the TTC Ecosystem. The release of TTC SDK lays the foundation for DAPPs in TTC Ecosystem and TReE (TTC Reward Engine.) Currently, TTC SDK is implemented into tataUFO and ALIVE, the first two DAPPs in the TTC Ecosystem.
In Scope
| Target | Type | Severity | Reward |
|---|---|---|---|
TTC SDK Android |
Android | Critical | Bounty |
TTC SDK iOS |
iOS | Critical | Bounty |
Documentation
- TTC SDK Docs - https://docs.ttc.eco/
- Getting Started with the TTC SDK for Android - https://docs.ttc.eco/Android/
- Getting Started with the TTC SDK for iOS - https://docs.ttc.eco/ios/
In-Scope Vulnerabilities
TTC accepts all reports that demonstrate vulnerabilities and has real-life impact. Those reports are rewarded in accordance to the severity of the vulnerability. Some examples of security issues in scope of the program for TTC are listed below:
- Business Logic
- Privilege escalation
- Cryptography issues
- Account management flows
- Transactions forging
- Database vulnerability
- Privilege escalation
- Authentication bypass
- Sensitive data exposure
- Avoid compromising any personal data, interruption or degradation of any service .
- Don’t access or modify other user data, localize all tests to your accounts.
- Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
- In case you find chain vulnerabilities we pay only for vulnerability with the highest severity.
- Only the first valid bug is eligible for reward.
- Don’t disclose publicly any vulnerability until you are granted permission to do so.
- Don’t break any law and stay in the defined scope.
- Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission.
- Comply with the rules of the program.
- The rewards will be paid out in HKN based on the current price.