Instruction: Production Environment
Account creation for this asset is only accessible for users within the US
Integrity requirements:
Max severity: critical
Asset identifier: *.chime.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Production Environment
Account creation for this asset is only accessible for users within the US
Integrity requirements:
Max severity: critical
Asset identifier: *.chimebank.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Production Environment
Account creation for this asset is only accessible for users within the US
Integrity requirements:
Max severity: critical
Asset identifier: *.chimecard.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Production Environment
Account creation for this asset is only accessible for users within the US
Integrity requirements:
Max severity: critical
Asset identifier: *.chimepayments.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: *.chmfin.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: Android Chime App Development Environment
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Development Environment Android Chime App:
https://app.bitrise.io/artifact/62998755/p/18c7ecb61c723ffa7fca84d88a614f82
Integrity requirements:
Max severity: critical
Asset identifier: PayFriends/PayAnyone Features
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Pay Friends is a fast and safe way to send money to any of your friends and family through the existing Chime app at the bottom of the app screen.
We are open to all findings that show impact but encourage researchers to test for any transaction inconsistencies such as:
- A person sent the money but the money stayed in their account
- A person sent the money but the recipient didn't receive it and the money was actually moved from the initial account
- Receive more or less money than is sent
For more details on this feature please refer to the documents below:
Testing instructions:
https://docs.google.com/document/d/1ZU-Hhde5YGBM_72SPqviQHyHid5sNtvDg41Vhkwr-dw/
Example API Endpoints and Queries:
https://docs.google.com/document/d/1G6ef-lc17jLS0Fsa03ptC9Kp__gUmzqd1CALEgiVUHg/edit?usp=sharing
Integrity requirements:
Max severity: critical
Asset identifier: com.1debit.ChimeProdApp
Asset type: APPLE_STORE_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Production Environment iOS Chime App:
https://apps.apple.com/us/app/chime-mobile-banking/id836215269
Integrity requirements:
Max severity: critical
Asset identifier: com.onedebit.chime
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Production Environment Android Chime App:
https://play.google.com/store/apps/details?id=com.onedebit.chime
Integrity requirements:
Max severity: critical
Asset identifier: iOS Chime App Development Environment
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Development Environment iOS Chime App:
https://app.bitrise.io/artifact/62991675/p/8787ddff0d1d5c82d86974f7e529f2a2