IOTA Foundation (www.iota.org) is a not-for-profit foundation based in Berlin, Germany with the mission to support the development and standardisation of new distributed ledger technologies (DLT). To drive the future economy of interconnected and autonomous devices, the IOTA Founders established the Foundation and developed the ideas behind the Tangle architecture. The IOTA Tangle is an innovative type of DLT specifically designed for large scale transactions and the Internet of Things (IoT) environment.
We are inviting researchers to test our latest mobile and desktop wallet: Trinity. It is aimed at non-technical consumers of IOTA technology, allowing them to access the network through a simple and foolproof UI. The application has been developed using React Native for iOS and Android, and Electron for Windows, macOS and Linux.
We hope this program helps deliver a safer wallet to the consumers of IOTA technology.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Reward Range

| Technical severity | Reward range  |
|--------------------|---------------|
| P1 Critical        | Up to: $1,500 |
| P2 Severe          | Up to: $900   |
| P3 Moderate        | Up to: $300   |
| P4 Low             | Up to: $100   |
Any domain/property of the IOTA organization not listed in the targets section is out of scope. This includes any/all subdomains not listed above.
Binaries can be downloaded here
Mono-repo Source Code
The applications are built to be standalone; they do not require any servers operated by the IOTA Foundation in order to run.
They ship with a pre-populated list of IOTA nodes to give new users a quick start. This list can be changed in the settings. If you would like to run your own node and connect the Trinity wallet to it, you can follow a tutorial here.
Any contact forms or issue submission functions within the app are live. However, it is best to submit through this platform.
The application can be used without credentials by following its in-app setup process. However, upon request, researchers will be provided with one SEED that holds 40Ki of IOTA tokens (see below for how to obtain a seed).
These tokens are real and are valid on the main IOTA network. This is equal to 40,000 tokens, which is roughly $0.6 USD. The minimum amount that can be sent on the network is 1 token and there are no fees. So you will be able to send these tokens back and forth between multiple wallets.
Each researcher will be given one SEED - please follow the guide below to obtain credentials.
1.) To request access to the program, first log into your Bugcrowd researcher account.
- Current Researchers can log in here: https://bugcrowd.com/user/sign_in.
- New researchers can sign up here: https://bugcrowd.com/user/sign_up.
2.) Once signed in, please email email@example.com to request credentials.
- Please use the subject line '@@@@Iota Credential Request@@@@'.
3.) Bugcrowd will distribute your seed/wallet as quickly as possible.
- Please allow 24 business hours (PST) for your access to be granted.
The application's core functionality is threefold:
- Read wallet balance & history
- Create and broadcast IOTA transactions to the Tangle
- Store the SEED(s) for the wallet in a safe manner.
Ensuring the security of these functions is of the greatest importance to the Foundation and ultimately the users of the wallet.
Excluded from Rewards
- Protocol bugs that are unrelated to the Trinity wallet.
- Addresses that aren't derived from a SEED you own.
- Testing against other users of the Desktop Alpha or the Mobile Beta software
- IOTA Network consensus
- IOTA Network confirmation
- Any distribution channels (Play Store, Apple App Store, download link for Desktop).