Augurproject


reports in last 90 days
6 disclosed resolved issues
0 disclosed informative issues
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Low | Open s3 bucket allows for public upload | Improper Authentication - Generic | the_arch_angel | Issue was not triaged; Time to close: 1 Days and 3 hours | Resolved |
| Medium | Indisputable Reporting via Arbitrarily Large Initial Reports | Business Logic Errors | michaelx | Time to triage: 0 Days and 22 hours; Time to close: 0 Days and 9 hours | Resolved |
| High | Augur UI data can be completely replaced by an attacker which can lead to fund and reputation loss | Client-Side Enforcement of Server-Side Security | droblin | Time to triage: 0 Days and 13 hours; Time to close: 9 Days and 1 hours | Resolved |
| Low | Full UI hijack via dormant browser service workers | Code Injection | karalabe | Time to triage: 0 Days and 6 hours; Time to close: 2 Days and 8 hours | Resolved |
| Medium | Subdomain takeover on slack.augur.net pointing to GitHub Pages | Privacy Violation | sorachiace | Issue was not triaged; Time to close: 1 Days and 10 hours | Resolved |
| High | A miner can manipulate the gas reporting bond | Business Logic Errors | edmundedgar | Time to triage: 0 Days and 12 hours; Time to close: 0 Days and 3 hours | Resolved |