Lootex
Bug Bounty Program


Last updated 10 months ago


Lootex aims to be the most trustworthy game asset marketplace and does its best to assure the safety of trading. Devoted to building a better trading experience, we run a bug bounty program for those who help us improve in the technical field. Here is what we hope you know before you submit a report.

Time of Processing

  • First response: 2-3 business days after contacting us.

  • Triage & confirmation: 5-7 business days; it might take longer depending on the bug.

  • Reward: sent in 30 business days.

Rules of Report

  • Please submit the report with detailed reproducible steps.

  • The same vulnerability is only rewarded once, to the first submitter.

  • Please don't share any information about the vulnerabilities with others until they are fixed, or the bounty will not be awarded.

  • The vulnerability should be within the domain lootex.io.

Out-of-Scope Vulnerabilities

  • Clickjacking on pages with no sensitive actions

  • Broken external links

  • Rate limiting or brute force issues on non-authentication endpoints

  • Denial of service attacks (DDoS/DoS)

  • Missing HttpOnly or Secure flags on cookies

  • Vulnerabilities that only affect users of outdated or unpatched browsers (less than 2 stable versions behind the latest released stable version)

  • Previously known vulnerable libraries without a working Proof of Concept.

  • Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case-by-case basis.

  • Attacks requiring MITM or physical access or control over a user's device.

  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions

  • Open redirect - unless an additional security impact can be demonstrated

  • Clickjacking within an NFT displayed on lootex.io

  • Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors).

  • Vulnerabilities within domains from third-party service providers.

Reward

| Level           | Amount |
|-----------------|--------|
| Low             | -      |
| Mid             | 30-50  |
| High - Critical | 100    |
