Our highest priority is the security and efficiency of all FortKnoxster solutions. That’s why we are offering an opportunity to community members, bounty hunters, any skilled individual or groups to submit your inputs for scaling the security of our platform.
But of course, we want to show our appreciation towards our bug hunter. So, we offer rewards to participants who succeed in this program.
FortKnoxster is built on blockchain technology and offers advanced end-to-end encrypted chat messenger, wallet, storage, videocalls, all within one web and mobile platform.
As security and privacy is our bread and butter, we at FortKnoxster look forward to working with the security community to find security vulnerabilities in order to keep our customers and our business safe.
To begin testing the FortKnoxster platform, please go to web.fortknoxster.com or use any of our apps:
Please note you will need a valid phone number to sign up. Any other scenario where you need more than one user, you will need to sign up using a different, unique phone number.
Our supported desktop browsers are Chrome, Firefox, Opera and Chromium-based browsers.
When reporting vulnerabilities, please consider the attack scenario / exploitability and security impact of the bug. The following issues are considered out of scope:
These are some of the vulnerabilities and bugs that we have special interest:
FortKnoxster will make the best effort to meet the following SLA’s for participants in our program:
Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). Initially, the reward shall be divided by threat level as specified below:
Please note these are general guidelines, and that reward decision is up to the discretion of FortKnoxster. The reward will be paid in FKX.
Any vulnerability or bug discovered should be reported only to the FortKnoxster team at Bug Bounty . As specified in our Disclosure Policy participants should not discuss or disclose any vulnerability (even resolved ones) outside of this program without express consent from FortKnoxster. Please ensure that you disclose vulnerabilities to the team as soon as you find them.
In order to help us understand the full context of the vulnerability, we require participants to include as much information as possible in your report. Overall, the more detailed your report is, the easier it will be for the team to triage and replicate the vulnerability.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Finally, we would like to wish all participants and especially our community members, the best of luck with this program. We are glad to have you on board, assisting and supporting the security of FortKnoxster and all its users.