Update: Jan 8, 2022
※ Please note that the MCS Bug Bounty Program is temporarily suspended from Jan 8, 2022 until further notice. ※
MCS is evolving at this very second and the Team is continuously publishing new code, so we are constantly trying to detect bugs and improve the trading platform to ensure the optimal trading environment for all traders. Please report any security vulnerabilities you have found on MCS.
Responsible Disclosure Policy
Please disclose responsibly. Violating any of the following disclosure policies, not limited to, may result in a legal dispute.
- Public disclosure of the vulnerability before the Team takes necessary measures is prohibited.
- You must not interrupt MCS in both technical and non-technical ways upon finding the vulnerability.
- Any harms done to fellow traders on MCS is strictly prohibited.
Examples of Qualifying Bugs
The following list of vulnerabilities are examples of eligible bugs.
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF/XSRF)
- Mixed-content scripts
- Authentication or authorization flaws
- Server-side code execution bugs
- Remote code execution
- Accounting errors
How to Submit the Report
Please send an email with your bug report to firstname.lastname@example.org.
A bug report should include a description of the bug, reproduction instructions, and possible security impact. Please try to include as much information in your report as possible.
All the reports arrived will be reviewed thoroughly and be adequately rewarded with bonuses usable on MCS. Deciding the significance of the bug report lies entirely with the Team's discretion. Please note that the first well-explained report per bug will be eligible for the reward.
Payout based on the Priorities