Public Romit bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
|---|---|---|
| Romit | $513 | [CRITICAL]-Taking over entire subdomain of romit.io |
| Romit | $50 | Session Fixation |
| Romit | $250 | IDOR on removing Share |
| Romit | $250 | GA code not verified on the server side allows sending Verification Documents on behalf of another user |
| Romit | $250 | No rate limit which leads to "Users information Disclosure" including verification documents etc. |
| Romit | $250 | Potential for financial loss, negative Values for "Buy fee" and "Sell Fee" |
| Romit | $50 | Cross site scripting |
| Romit | $50 | HTML injection in email sent by romit.io |
| Romit | $50 | Server responds with the server error logs on account creation |
| Romit | $50 | The csrf token remains same after user logs in |
| Romit | $50 | Email Enumeration (POC) |
| Romit | - | CSRF token leakage |
| Romit | $50 | Frictionless Transferring of Wallet Ownership |
| Romit | $250 | stored xss in transaction |
| Romit | $250 | Stored XSS in api key of operator wallet |
| Romit | $100 | Error stack trace |