Public Romit bug reports.

Team Bounty Title
Romit $513 [CRITICAL]-Taking over entire subdomain of romit.io
Romit $50 Session Fixation
Romit $250 IDOR on removing Share
Romit $250 GA code not verified on the server side allows sending Verification Documents on behalf of another user
Romit $250 No rate limit which leads to "Users information Disclosure" including verification documents etc.
Romit $250 Potential for financial loss, negative Values for "Buy fee" and "Sell Fee"
Romit $50 Cross site scripting
Romit $50 HTML injection in email sent by romit.io
Romit $50 Server responds with the server error logs on account creation
Romit $50 The csrf token remains same after user logs in
Romit $50 Email Enumeration (POC)
Romit - CSRF token leakage
Romit $50 Frictionless Transferring of Wallet Ownership
Romit $250 stored xss in transaction
Romit $250 Stored XSS in api key of operator wallet
Romit $100 Error stack trace