Reports in sifchain program:

| S.No | Title | Bounty |
|---|---|---|
| 1 | Wrong Url in Main Page | $200.0 |
| 2 | xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service | $50.0 |
| 3 | Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation | $0.0 |
| 4 | Exposed Openapi Token | $0.0 |
| 5 | ETHEREUM_PRIVATE_KEY leaked | $0.0 |
| 6 | Private KEY of crypto wallet | $0.0 |
| 7 | mongodb credentials leaked in github | $0.0 |
| 8 | RSA PRIVATE KEY discloser | $0.0 |
| 9 | Private RSA key for Vagrant exposed in GitHub repository | $0.0 |
| 10 | wrong url in hackerone > goes to wix.com > unconnected | $0.0 |
| 11 | ETHEREUM_PRIVATE_KEY leaked via Open Github Repository | $0.0 |
| 12 | Subdomain Takeover At the Main Domain Of Your Site | $0.0 |
| 13 | A password in plain text in conf file | $0.0 |
| 14 | Vulnerable for clickjacking attack | $0.0 |
| 15 | Information disclosure on Sifchain | $0.0 |
| 16 | Found key_adress and key_password in GitHub history | $0.0 |
| 17 | Clickjacking Vulnerability in sifchain.finance | $0.0 |
| 18 | Email Spoofing on sifchain.finance | $0.0 |
| 19 | Social media links not working | $0.0 |
| 20 | CORS Misconfiguration | $0.0 |
| 21 | Wordpress Users Disclosure (/wp-json/wp/v2/users/) on sifchain.finance | $0.0 |
| 22 | Cross Origin Resource Sharing Misconfiguration \| Lead to sensitive information. | $0.0 |
| 23 | Email spoofing | $0.0 |
| 24 | Path Transversal inside saveContracts.js | $0.0 |
| 25 | Found a url on source code which was disclosing different juicy informations like ip addresses and available endponts | $0.0 |
| 26 | No Rate Limit protection in user subscription form | $0.0 |
| 27 | No Valid SPF Records/don't have DMARC record | $0.0 |
| 28 | Information Disclosure on https://rpc.sifchain.finance/ | $0.0 |
| 29 | Open S3 Bucket \| information leakage | $0.0 |
| 30 | HTTPS not enforced at dex.sifchain.finance | $0.0 |
| 31 | Private eth key found | $0.0 |
| 32 | CORS (Cross-Origin Resource Sharing) origin validation failure -Any website can issue requests made with user credentials and read the responses to th | $0.0 |
| 33 | CORS Misconfiguration Leads to Sensitive Exposure on Sifchain main domain | $0.0 |
| 34 | Flaws In Social media Icon on error page which can lead to financial loss to a company. | $0.0 |
| 35 | Wrong implementation of Telegram link on the main page for PC users | $0.0 |
| 36 | Error Page Content Spoofing or Text Injection | $0.0 |
| 37 | Clickjacking misconfiguration bug | $0.0 |
| 38 | Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation | $0.0 |
| 39 | CORS misconfiguration | $0.0 |
| 40 | Vulnerable javascript dependency at Main domain | $0.0 |
| 41 | SSH server due to Improper Signature Verification | $0.0 |
| 42 | Bootstrap library is vulnerable | $0.0 |
| 43 | Email Spoofing bug | $0.0 |
| 44 | Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages. | $0.0 |
| 45 | Origin IP Disclosure Vulnerability | $0.0 |
| 46 | Signature Verification /// golang.org/x/crypto/ssh | $0.0 |
| 47 | 4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable | $0.0 |
| 48 | ETHEREUM_PRIVATE_KEY leaked via github | $0.0 |
| 49 | Sifchain token leak | $0.0 |
| 50 | Possible Database Details stored in values.yaml | $0.0 |
| 51 | information disclosure | $0.0 |
| 52 | Clickjacking | $0.0 |
| 53 | clickjacking vulnerability | $0.0 |
| 54 | Clickjacking at sifchain.finance | $0.0 |
| 55 | Wrong Url in Main page of sifchain.finance | $0.0 |
| 56 | Wrong Implementation of Url in https://docs.sifchain.finance/ | $0.0 |
| 57 | CSRF in newsletter form | $0.0 |
| 58 | Session Token in URL | $0.0 |
| 59 | No Valid SPF Records at sifchain.finance | $0.0 |
| 60 | Clickjacking /framing on sensitive Subdomain | $0.0 |
| 61 | Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy. | $0.0 |
| 62 | Information Disclosure at one of your subdomain | $0.0 |
| 63 | No Rate Limit in email leads to huge Mass mailings | $0.0 |
| 64 | Design Issues at Main Domain | $0.0 |
| 65 | Username disclosure at Main Domain | $0.0 |
| 66 | No valid SPF record found | $0.0 |
| 67 | Vulnerability : Email Spoofing | $0.0 |
| 68 | CORS (Cross-Origin Resource Sharing) origin validation failure | $0.0 |
| 69 | Linux Desktop application "sifnoded" executable does not use Pie / no ASLR | $0.0 |
| 70 | Misconfiguration Certificate Authority Authorization Rule | $0.0 |
| 71 | Subdomain Takeover on proxies.sifchain.finance pointing to vercel | $0.0 |