Bug Bounty

The main aim of our bug bounty program is to secure the data of our various users and help them provide a safe and secure platform for trading in digital assets. Therefore, our approach is to evaluate any given report based on the specific security impact for users.

Besides our scope, it’s worth mentioning a few tenets of our program:

  • We expect respectful interactions, with researchers and our team treating each other as peers -- being willing to learn/teach and assuming best intents, always.
  • You can expect our team will assess impact of each report to determine maximum security impact, including transparency behind our reasoning and interpretation of impact.

Responsible Disclosure:

ROLLCOIN understands the importance of security on our platform. We encourage responsible disclosure of the vulnerabilities via our bug bounty program. Responsible disclosure includes:

  • Not leaking and destroying any ROLLCOIN data and not violating the privacy of other data.
  • Do not target any potential bug by attempting to use social engineering, spam, distributed denial of service(DDOS) attacks, etc.
  • Not making fraud transactions on ROLLCOIN in the process of discovery.
  • Providing us reasonable amount of time in order to fix the issues before disclosing it to someone else.

ROLLCOIN understands the importance of security on our platform. We encourage responsible disclosure of the vulnerabilities via our bug bounty program. Responsible disclosure includes:

  • Privilege Escalation
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Authentication Bypass
  • Leakage of Sensitive Data
  • Code Injection
  • Clickjacking
  • Remote Code Execution

How to report a bug:

Please follow the steps mentioned below in order to report a bug:

  • Send your bug report to team@rollcoin.com.
  • Provide a complete description of the bug, its impact on the security and services of the platform and suggestions or proof of concept.
  • Attach screenshots or any related files if required.
  • Include your name and wallet address for payment of rewards.
  • Allow us 3 business days in order to get in touch with you.
  • Provide us a reasonable amount of time to fix the issue and do not disclose the issue with anyone else.

ROLLCOIN pays credits to all the people who have helped with the security of our platform. Thank you for keeping ROLLCOIN community safe.

Bug bounty