Responsible Disclosure Includes:
- Providing LYPTOEX with a reasonable amount of time to fix the issue before publishing it elsewhere.
- Making a good faith effort not to leak or destroy any LYPTOEX user data.
- Not defrauding LYPTOEX users or LYPTOEX itself during discovery.
LYPTOEX promises not to take legal action against researchers who comply with these guidelines in good faith.
Rewards:
- Only verified users are eligible for payouts; verification details are in the [LYPTOEX Terms of Use].
- The minimum payout is $100 USD, credited to your LYPTOEX account, for valid, previously unknown vulnerabilities of sufficient severity.
- There is no maximum payout; higher rewards are possible based on impact or creativity.
- Responsible researchers receive public attribution as thanks.
Eligibility:
LYPTOEX reserves the right to determine if a reported vulnerability is eligible for a bounty. Vulnerabilities of interest include:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Authentication bypass or privilege escalation
- Remote code execution
- Obtaining sensitive user information
- Accounting errors
Not of interest:
- Denial of service
- Spamming
- Misconfigured email authentication (SPF, DKIM, DMARC)
- Services not directly hosted or controlled by LYPTOEX
How to Disclose:
Report vulnerabilities by emailing: [security@lyptoex.net]
Include:
- Reproducible code demonstrating the issue
- Detailed description and potential impact
- Your name and link for attribution (if desired)
- Your LYPTOEX wallet address for payout
PGP Key:
Use PGP for secure communication. Download LYPTOEX’s public PGP key here: [LYPTOEX PGP Key Link]
Thank You:
LYPTOEX values the efforts of responsible researchers in safeguarding the community and may publicly acknowledge contributors.