submit bug report: https://support.onfocoin.com/hc/en-us/articles/360025769031-Bug-Bounty-ProgramVulnerability Disclosure Philosophy
We support responsible disclosure. We will acknowledge valid and original (i.e., the first reported instance) discoveries on Onfo web client or mobile app with the name of the security researcher(s) responsible. Currently, we don't have a formalized bug-bounty program payouts based on tiers of severity. However, we do still award bounties on a case by case basis.
We will not retaliate against researchers who report issues privately and in a responsible manner. We will do our best to reply to your findings in a timely manner and will keep you updated on the progress of the issue.
Report vulnerabilities to: drew@onfocoin.com
For encrypted communication utilize the below PGP key
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFyZIksBEAC33mMKr9al6yHz0DDin0MYdBngCeb9jVqG49h0kXt1zU13+ArK
cjCY0Rz2k09eSRp0MJ5aeKs2K1jIlPRqSwASTB1vSYa2nBv2BeAiZXyUTxEUoCDN
kZmS8HGQ8LN9tESOfltasH1pqV1o3dKjqpULQWwWC8Ha5cjYy7JPLuy0hZ/xtn+G
IgbZS6Z5GCWAnT+Qu5XiQnmbWocbut9A8vIL5T0nTgoqTRbbyDSBTx1vGMe6TLVW
Mxix/o2Xqte9thmHQCPxqfv+Xdnmk9qJ52WkgQmvqqUMRRWUPXD0mcpVdyzKQVVh
0Z62YR+WgQ9H4Cvg11D2BdKNQjkiwf5wXN+RPiswk4q8wPQT1DNaiUzN2o6ZARG8
r+GcQNXvlrXReQEeR2uE6EDR3ZKuis45F2uKdjgrjSim0gvlNplrbWWacYpd8RtH
d2wB73XWfl8uEVT9TyZnG5LuhV0tKiQL/cGShwV8dX/iEujUNyNAWI18RG7LZrtu
dBAl+xXEF/vNNlbTlbUZQwVK82N5VdGnJe58yLHW2k4hHNW8Htn6WOj27PbE4qRZ
UY81rkFNQjbQZee6BoqeE9CCIaYe8zeSnzhlEmURG2EvIb5jgCnrm1IZe2SbaDAI
iJhU1y9MFLIHpy05nZiFsTly0RS+LgiE2yBtVz7f8zhaGEfHN3ITwdaMpQARAQAB
tB5EcmV3IFBhdGVsIDxkcmV3QG9uZm9jb2luLmNvbT6JAlQEEwEIAD4WIQQwOejv
r6Te5r9RL/u3w8KL9WlGdgUCXJkiSwIbAwUJB4YfgAULCQgHAgYVCgkICwIEFgID
AQIeAQIXgAAKCRC3w8KL9WlGdoxRD/96IPQf6kbGMgbmMPF4z4/0NmsiO3VECXNE
mdsdz0zXwfSt+UmDWqXCeVnueZ0LMGARdwEe+6EPctE+Mvh0blO4krHV2XQLX+T1
izIntmMUjIOWNq2P8RbtBB8ztnyg05nyeB2wmRjKCHXO1Ie4fLz2wlkuQW2QeuFr
OWNweG0L/M5lmhsB18bcB55I5MV0cVi0kAHxiR3r25UlvfcxCifToscnjyICB/nY
UNl+kFjzFwKUY590BnRHM9d/x3yK+Kd9YxuhWYldK9WCsv9rGwRK8RP0UdGTGx1e
j8M2Q5hHZ8CxZrIJ4PqvV1yMiNtwnfeO/x0DsZbelk/mGQMdxIDsbq6u992hlSed
CjCFmvCoru3ZEXETpWTBHnQyhMEVAPwB8fgL02qNQMHNWqLoJ4mT6EzjS+fZ83K9
xtqtRj7whTiWaq5fsNs8l9QFJ2NqkzZIjDq+W8IKAuTuXwtaYvRlnIxU+M+EoKWa
tCPU/hK5YCDxFmMhcQtVVwSap6ZfFdoIH88flZ4z4bEQZSWn+7Jgn0dw6j083FiP
iKWaua6fCwuCwSM1jmfRgiiai9Hr+59mLMJoqeoa7zzaO+ngEWC1ht2c/3bLT8rr
fEd8sr/CCD0L5A5ChFeAVTiqkKU2hB0r+JeUFWqq7OcNlnfe/CwXswERlzC3shBO
GEYcIyfNrLkCDQRcmSJLARAAx5YNuzAlUjCEz8aHx/mLPrLzPusiisrSIyDReM2W
tc53zM55fAHtLFKrOF6rpy9dOQdS9u0jO+fvMtMpCMDFh4l/tM/445W4g79czXA/
U064v/8FR3v+VA6qW+yEC/CXvdpor4tKReE52bextFEJra/2s8huTGwLbcnoGGuh
ZgVNReM/owCsaTwja9lDXc73bnZi/d+F4NQF+/NCT7w4djrpI/ykgul+rEgH+wdc
Ak+628SAhaHP4ytZpb3wCqMurU29wYJvzz+OVkIZQyGUPk0SE3WmXBpYRX+JFZ3P
hK9OalU90fzY29suPPGCp/Q4Y/xAFtD/g77Ud5szpd7WC97JmeEh7fK1b0W0NYMp
lBgyJKQxjeloABfIax3I+2Pp8zgxBKVNwS+n1A8S0rn43seDKpHhpQzmKl2cQWU0
hOUnDA7vEpEYYDAMF9Hqe/9jzfkYsx+IBdHiDPxTFb0frDDGCMLP3lKlJlkoCMp1
EeFxs9IBPduVQrOjjeXJhftKVFQS/Er8zXnQvK1F8ZpC8zlKRvngZRQKLA+Y2wWJ
5upwaZObsN+iWiSfjQnWoJoDsE3Coa8aydWfJggOIZzG9midEcXcul7E6GMB2nK5
WL6BNmbTnsjxUkGM9VS86jTTSnCFeJYXwwZyMfqVXjYC5jFK7c/rYmCp2UEzADo+
iGEAEQEAAYkCPAQYAQgAJhYhBDA56O+vpN7mv1Ev+7fDwov1aUZ2BQJcmSJLAhsM
BQkHhh+AAAoJELfDwov1aUZ29RIQALcaAoaEqvZ2BBZOJTQO/Q5jgCMhEXngzkTF
Wc7HBHJhPboaCxhWLddMVVcwYBDrpTumAJnuBjgpCpRdloM+AF+254VBlvUt5Ka/
8Bgd/qdsrIzDzbcA3Jeg2/L5yAI8szOoIlT+F1UVRHnmsXqIqh07Nzx4Qf+EBFbJ
5cA2kg5a56ppvVDn1Rh/+DaxTcvKlM/zpxQ9qk4wKnbO3ggQ717Yk6Ll7LRgk0Ky
ryWNX0BtjRkhOgxndcrmcH7KfYvlxIOPL215Kj+WlBWN1Bj9qgkINJ8aJ3qcil8R
FOc2PdFeIoYMW87/A/mrViin80RVS8w26oJf5V0UeU5qiJ9aX7PLdifV/cSAPUgR
v8YGe6eYp8ApZYX9yDtpPUNiEa1OgNO3cxje/ArOuVKm2qMJ/l4JqNMlfBtzeTmw
50BjIZCtdx9PwsNt1L0ix13LO4q3BrNT1yb5Oh0pH/8t2ZdTDHf2whbqOsTws0BT
vM7RVFjWPDVe2n9sgEoYEDHNYInuSCeCyafLIsmXB5dReNHzF3mtLkjbAXEIrh+p
lJoMcMULY5ZEvvxlKqVWOmNvRHRF2mkUL+NaKFt/khEcVwNNxI0+luDj68qb7fgF
CdHmHnijEpijyixiGbn6rhpkEGRmujRaPHY/u9TtuwYdl67IfbsgUctkbCeD2PaW
wC+NINtF
=zD9s
-----END PGP PUBLIC KEY BLOCK-----
