{"id":16144,"date":"2025-05-09T03:55:44","date_gmt":"2025-05-09T03:55:44","guid":{"rendered":"https:\/\/www.pionex.us\/blog\/?p=16144"},"modified":"2025-05-09T05:31:51","modified_gmt":"2025-05-09T05:31:51","slug":"pionex-us-vulnerability-bounty-program","status":"publish","type":"post","link":"https:\/\/www.pionex.us\/blog\/pionex-us-vulnerability-bounty-program\/","title":{"rendered":"Pionex.US Vulnerability Bounty Program"},"content":{"rendered":"\n<p><strong>About the Program<\/strong><\/p>\n\n\n\n<p>Safety and security are our top priorities at Pionex.US. To eliminate system vulnerabilities and further improve Pionex.US services, Pionex.US launched the vulnerability bounty program for all security researchers.<\/p>\n\n\n\n<p>We will evaluate all reported security issues based on the security impact on users and assets, and rewards will be paid in USDT once your submission is accepted.<\/p>\n\n\n\n<p>Please be advised that only reports with a detailed description of the vulnerability and a complete working proof of concept qualify for the rewards. 
For researchers filing reports on severe issues that may have an extreme security impact, Pionex.US may offer an additional reward.<\/p>\n\n\n\n<p>If you would like to report a security vulnerability, claim your bounty rewards, or have any questions about this program, please feel free to contact us at\u00a0security@pionex.us.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>Scope<\/strong><\/p>\n\n\n\n<p>In-scope targets:<\/p>\n\n\n\n<p>\u00b7\u00a0*.pionex.us<\/p>\n\n\n\n<p>\u00b7\u00a0Pionex.US iOS App<\/p>\n\n\n\n<p>\u00b7\u00a0Pionex.US Android App<\/p>\n\n\n\n<p>Out-of-scope targets:<\/p>\n\n\n\n<p>\u00b7\u00a0blog.pionex.us<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>Rewards<\/strong><\/p>\n\n\n\n<p>Once your submission is accepted, please provide either of the following to receive your reward.<\/p>\n\n\n\n<p>\u00b7\u00a0Your Pionex.US account, or<\/p>\n\n\n\n<p>\u00b7\u00a0Your USDT wallet address<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>Level of Severity and Reward Range<\/strong><\/p>\n\n\n\n<p><strong><em>P1: 3,000 \u2013 10,000 USDT<\/em><\/strong><\/p>\n\n\n\n<ul><li>Vulnerabilities that undermine the security of user assets<\/li><li>Vulnerabilities that bypass the applications or procedures under normal trading logic<\/li><li>Vulnerabilities that allow remote access to essential information and authentication information of users<\/li><li>Vulnerabilities related to key generation, encryption, decryption, signing, and verification<\/li><\/ul>\n\n\n\n<p><strong><em>P2: 1,000 \u2013 2,000 USDT<\/em><\/strong><\/p>\n\n\n\n<ul><li>Vulnerabilities that lead to high-risk information leakage<\/li><li>Vulnerabilities with an impact similar to P1 vulnerabilities but dependent on specific prerequisites<\/li><\/ul>\n\n\n\n<p><strong><em>P3: 300 \u2013 1,000 USDT<\/em><\/strong><\/p>\n\n\n\n<ul><li>Vulnerabilities that lead to the leakage of part of the users\u2019 info through interaction or 
financial fraud<\/li><li>Vulnerabilities that cause Pionex.US to be unable to respond to users\u2019 requests from the web or mobile apps.<\/li><\/ul>\n\n\n\n<p><strong><em>P4: 50 \u2013 200 USDT<\/em><\/strong><\/p>\n\n\n\n<ul><li>Vulnerabilities due to product design defects that do not affect the security of users\u2019 assets.<\/li><li>Vulnerabilities that lead to Denial of Service of core Pionex.US services<\/li><\/ul>\n\n\n\n<p>To report an issue\u00a0<strong>without<\/strong>\u00a0security impact, please contact Pionex.US Online Support (the Chat icon is located at the bottom right of the\u00a0<a href=\"https:\/\/www.pionex.us\/en-US\/\" target=\"_blank\" rel=\"noreferrer noopener\">Pionex.us<\/a>\u00a0homepage).<\/p>\n\n\n\n<p><strong><em>Reports NOT Qualified for the Rewards<\/em><\/strong><\/p>\n\n\n\n<p>The following issues do not qualify for the reward:<\/p>\n\n\n\n<ul><li>Theoretical vulnerabilities without an actual proof of concept<\/li><li>Email verification defects, expiration of password reset links, and password complexity policies<\/li><li>Invalid or missing SPF (Sender Policy Framework) records (incomplete or missing SPF\/DKIM\/DMARC)<\/li><li>Clickjacking\/UI redressing with minimal security impact<\/li><li>Email or mobile enumeration (e.g., the ability to identify emails through password resetting)<\/li><li>Information leakage with minimal security impact (e.g., stack traces, path disclosure, directory listings, logs)<\/li><li>Internally known issues, recurring issues, or issues already published<\/li><li>Tabnabbing<\/li><li>Self-XSS<\/li><li>Vulnerabilities only applicable to outdated versions of browsers or platforms<\/li><li>Vulnerabilities related to auto-fill web forms<\/li><li>Use of known-vulnerable libraries without an actual proof of concept<\/li><li>Lack of security flags in cookies<\/li><li>Issues related to unsafe SSL\/TLS cipher suites or protocol versions<\/li><li>Content spoofing<\/li><li>Issues related to cache 
control<\/li><li>Vulnerabilities exposing internal IP addresses or domains<\/li><li>Missing security headers that do not lead to direct exploitation<\/li><li>CSRF with negligible security impact (e.g., adding to favorites or subscribing to non-vital features)<\/li><li>Vulnerabilities that require root\/jailbreak<\/li><li>Vulnerabilities that require physical access to the user\u2019s device<\/li><li>Issues with no security impact (e.g., failure to load a web page)<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>Terms &amp; Conditions<\/strong><\/p>\n\n\n\n<ul><li>Pionex.US reserves the right of final interpretation of the bounty program and retains the discretion to terminate or change the rewards or bounty rules.<\/li><li>Only the first verified vulnerability report on a specific security issue will be rewarded. Later similar reports will not be rewarded.<\/li><li>Review of reports will generally take approximately 1-2 weeks. Pionex.US shall decide the results of any review at its own discretion.<\/li><li>Rewards will be issued to your Pionex.US account or wallet address in 2 weeks after a vulnerability report is approved and verified. We will let you know by email once the reward is issued.<\/li><li>Security researchers who conduct malicious attacks on Pionex.US, or help others to conduct them, will not qualify for any reward.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>About the Program Safety and security are our top priorities at Pionex.US. To eliminate system vulnerabilities and further improve Pionex.US services, Pionex.US launched the vulnerability bounty program for all security researchers. 
We will evaluate all reported security issues based on the security impact on users and assets, and rewards will be paid in USDT <a href=\"https:\/\/www.pionex.us\/blog\/pionex-us-vulnerability-bounty-program\/\" class=\"more-link\">&#8230;<span class=\"screen-reader-text\">  Pionex.US Vulnerability Bounty Program<\/span><\/a><\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/posts\/16144"}],"collection":[{"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/comments?post=16144"}],"version-history":[{"count":2,"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/posts\/16144\/revisions"}],"predecessor-version":[{"id":16146,"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/posts\/16144\/revisions\/16146"}],"wp:attachment":[{"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/media?parent=16144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/categories?post=16144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pionex.us\/blog\/wp-json\/wp\/v2\/tags?post=16144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}