Instruction: Backend services for our Monolith product are provided under this domain.
Integrity requirements: high
Max severity: critical
Asset identifier: *.tokensvc.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Backend services for our token.com product are provided under this domain.
Integrity requirements: high
Max severity: critical
Asset identifier: blog.token.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty:
Eligible for submissions: true
Instruction: This is a marketing website only. We'll only consider vulnerabilities that lead to misleading content being shown. This means clickjacking, framing and similar attack vectors are out of scope. The blog is hosted by Automattic, any issues in their operation of WordPress are out of scope.
Integrity requirements: medium
Max severity: high
Asset identifier: com.token.android
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: none
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction: This is our token.com mobile app for Android. Currently only available in Brazil, find it at https://play.google.com/store/apps/details?id=com.token.android.
Integrity requirements: medium
Max severity: critical
Asset identifier: com.token.ios
Asset type: APPLE_STORE_APP_ID
Availability requirement: none
Confidentiality requirement: medium
Eligible for bounty:
Eligible for submissions: true
Instruction: This is our token.com mobile app for iOS. Currently only available in Brazil, find it at https://apps.apple.com/br/app/token-com/id1566878207.
Instruction: Smart contracts under <https://github.com/tokencard/contracts/tree/master/contracts> and previous released versions, excluding mocks and other test contracts.
Integrity requirements: high
Max severity: critical
Asset identifier: io.tokencard.app.android
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: none
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This is our Monolith mobile app for Android. You can find it at https://play.google.com/store/apps/details?id=io.tokencard.app.android.
Integrity requirements: high
Max severity: critical
Asset identifier: lt.tokencard.monolith-ios
Asset type: APPLE_STORE_APP_ID
Availability requirement: none
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This is our Monolith mobile app for iOS. You can find it at https://apps.apple.com/us/app/monolith-ethereum-wallet/id1631556490.
Integrity requirements: high
Max severity: critical
Asset identifier: monolith.xyz
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty:
Eligible for submissions: true
Instruction: This is a marketing website only. We'll only consider vulnerabilities that lead to misleading content being shown. This means clickjacking, framing and similar attack vectors are out of scope.
Integrity requirements: medium
Max severity: high
Asset identifier: token.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty:
Eligible for submissions: true
Instruction: This is a marketing website only. We'll only consider vulnerabilities that lead to misleading content being shown. This means clickjacking, framing and similar attack vectors are out of scope.
