Security bounties
Get rewarded for disclosing bugs on our platform

LocalRipple security contact and vulnerability reporting

LocalRipple recognizes the importance of security researchers in helping keep our community safe. We encourage responsible disclosure of security vulnerabilities.

Responsible Disclosure

Responsible disclosure includes:

  1. Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
  2. Making a good faith effort to not leak or destroy any LocalRipple user data.
  3. Not defrauding LocalRipple users or LocalRipple itself in the process of discovery.

In order to encourage responsible disclosure, we promise not to bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines.

Thank you for helping keep the bitcoin community safe!

Rewards

LocalRipple is willing to reward security researchers for bug reports that help us improve our security. However, the company reserves the right to evaluate reported vulnerabilities, their relevance and risk level, and to decide on a possible reward based on that evaluation.

Focus areas

We are especially interested in, and willing to reward, the following types of vulnerabilities:

  • Stored and reflected XSS
  • RCE / command injections
  • SQL injections
  • XML injections / XXE
  • Serious data leakage vulnerabilities
  • CSRF or broken session management with exploitable PoC
  • SSRF
  • Authentication and authorization flaws

Findings that are non-rewardable

  • Error messages, stack traces
  • Lack of SPF records
  • Disclosure of used software versions
  • Misconfiguration or lack of certain HTTP headers
  • Vulnerabilities that are not exploitable in modern browsers
  • Lack of Secure and HttpOnly flags on cookies that are not considered sensitive
  • Username or email enumeration
  • DoS attacks or spamming