submit bug report: https://www.coinjar.com/global/bountyWhat are we looking for?
Bug Bounty - Cross Site Scripting.svg
Cross-site scripting
Bug Bounty - Cross Site Request Forgery.svg
Cross-site request forgery
Bug Bounty - Remote Code Execution.svg
Remote code execution
Bug Bounty - Click Jacking.svg
Click-jacking
Bug Bounty - Code Injection.svg
Code injection
Bug Bounty - Leaks of Sensitive Data.svg
Leaks of sensitive data
How it works
In order to claim a bug bounty, you must:
Discover an entirely unknown vulnerability.
Alert us before posting the bug anywhere else – and give us sufficient time to patch the issue.
Not use the exploit to steal money or data from CoinJar or its customers. If the exploit requires account access, you must use your own.
If you have any doubts or questions, email us at security@coinjar.com.
Ineligible bounties
We don’t reward bounties for any vulnerabilities not under our direct control. For example:
Social engineering
Issues requiring physical access to hardware
Vulnerabilities in 3rd party software (Ruby, nginx, etc)
Denial of Service
Usability issues
