Dash is an experimental new digital currency that enables anonymous, instant payments to anyone, anywhere in the world. Dash uses peer-to-peer technology to operate with no central authority, managing transactions and issuing money are carried out collectively by the network.
This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.
An open source software which enables the use of this currency and is the primary target of this bug bounty program located at https://github.com/dashpay/dash.
At this time focus should be placed on the version 12.2 branch of Dash Core: https://github.com/dashpay/dash/tree/v0.12.2.x
Access: There is a Dash testnet created specifically for software testing. Unlike mainnet, the DASH that exists on testnet has no real value, and since it's an entirely separate network, there is no risk to using the new and experimental software. The Dash team invites anybody who is interested to download the software and become active on testnet.
For more on the Dash testnet, visit:
Have your Dash always with you, in your pocket! You pay by quickly scanning a QR code. As a merchant, you receive payments reliably and instantly. Dash Wallet is the first mobile Dash app.
|P1||$5,000 - $10,000|
|P2||$1,000 - $5,000|
|P3||$500 - $1000|
|P4||$100 - $500|
Vulnerabilities found in Dash Messaging will not be eligible for a monetary reward (Kudos only).
We would like researchers to focus their attention on user authentication. We need to know how an attacker might take over another user's account. We are also interested in ways that the system can be gamed.
Access: Researchers are welcome to create accounts on the live site at https://d-msg.com for testing purposes. If a researcher would like conduct tests with deposited funds, contact Dash Messaging support team and we will make arrangements - https://d-msg.com/D_MSG_support.
New users go through three phases that have escalating privileges:
- Guest user
- Registered user
- Confirmed user