Bitswift Cash
Focused on business applications, Bitswift comes with a community and support network of tech pros that have been working with blockchain since its inception. However, Bitswift is more than just a blockchain and token. Bitswift is composed of community, companies, and customers from all sectors including real estate, healthcare, governance, supply chain management, retail, and much more.
PoC required
Rewards by Threat Level
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Critical-level payouts are only applicable when the vulnerability results in users being able to withdraw more than they are supposed to be able to or when their accounts are credited more than the actual deposit or when the user is able to claim more crypto than the stipulated time period allows. Otherwise, they may be classified as High.
Additionally, all web and app bug reports without proof of concept exploits with demonstrated impact, as well as recommendations for new features, are not accepted.
There is currently a total bounty pool of CAD $5,710. Because of this, if there are valid bug reports covering different vulnerabilities submitted where the total reward amount is greater than the remaining bounty pool amount, the appropriate reward levels will be provided on a first-come-first-served basis, and the total bounty pool will be used to reward reports on this priority system until exhausted. This amount will be updated as rewards are paid out and rewards will adjust accordingly.
Payouts are handled by Bitswift directly. The USD amount published is just an estimate. In the event of a discrepancy between the CAD and USD exchange rates with the estimate provided on this page, the prevailing CAD rate will apply. However, payouts are done in BTC, ETH, CASH or BITS. Before any payout, the bug must first be verified and validated by Bitswift.
Program Overview
Focused on business applications, Bitswift comes with a community and support network of tech pros that have been working with blockchain since its inception. However, Bitswift is more than just a blockchain and token. Bitswift is composed of community, companies, and customers from all sectors including real estate, healthcare, governance, supply chain management, retail, and much more.
Bitswift.cash allows people to conveniently participate in the token economy, providing an accessible interface interconnecting blockchains, leaving the user in control of their own personal digital information.
The bug bounty program is focused around bugs that relate to the ability to exploit the deposit, withdrawal, and claim processes on https://bitswift.cash. Bitswift seeks to ensure its claim, deposit, and withdrawal systems are functioning as intended and cannot be exploited to any user's advantage.
KYC not required
No KYC information is required for payout processing.
Prohibited Activities
- Any testing on mainnet or public testnet deployed code; all testing should be done on local-forks of either public testnet or mainnet
- Any testing with pricing oracles or third-party smart contracts
- Attempting phishing or other social engineering attacks against our employees and/or customers
- Any testing with third-party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
- Any denial of service attacks that are executed against project assets
- Automated testing of services that generates significant amounts of traffic
- Public disclosure of an unpatched vulnerability in an embargoed bounty
- Any other actions prohibited by the Immunefi Rules
Feasibility Limitations
The project may be receiving reports that are valid (the bug and attack vector are real) and cite assets and impacts that are in scope, but there may be obstacles or barriers to executing the attack in the real world. In other words, there is a question about how feasible the attack really is. Conversely, there may also be mitigation measures that projects can take to prevent the impact of the bug, which are not feasible or would require unconventional action and hence, should not be used as reasons for downgrading a bug's severity. Therefore, Immunefi has developed a set of feasibility limitation standards which by default states what security researchers, as well as projects, can or cannot cite when reviewing a bug report.