Coinbase


reports in last 90 days

46

disclosed resolved issues

26

disclosed informative issues

6

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Critical | ETH contract handling errors | Business Logic Errors | ambisafe | Time to triage: 0 Days and 11 hours; Time to close: 4 Days and 5 hours | Resolved |
| Critical | Double Payout via PayPal | Business Logic Errors | dawgyg | Issue was not triaged; Time to close: 67 Days and 14 hours | Resolved |
| No rating | User provided values passed to PHP unset() function | Type Confusion | paulos_ | Issue was not triaged; Time to close: 133 Days and 23 hours | Informative |
| No rating | User provided values trusted in sensitive actions | None supplied | paulos_ | Issue was not triaged; Time to close: 0 Days and 5 hours | Informative |
| No rating | Stored CSS Injection | Resource Injection | cablej | Time to triage: 14 Days and 15 hours; Time to close: 5 Days and 5 hours | Resolved |
| No rating | Prepopulation of email address and name leaks information provided to other merchants | UI Redressing (Clickjacking) | cablej | Issue was not triaged; Time to close: 19 Days and 0 hours | Resolved |
| Critical | Ethereum account balance manipulation | Business Logic Errors | vicompany | Time to triage: 15 Days and 10 hours; Time to close: 14 Days and 6 hours | Resolved |
| No rating | New Device Confirmation Bug | None supplied | whysoleet | Issue was not triaged; Time to close: 2 Days and 9 hours | Informative |
| Low | Captcha Bypass in Coinbase SignUp Form | Violation of Secure Design Principles | tejpratap | Time to triage: 3 Days and 15 hours; Time to close: 52 Days and 22 hours | Resolved |
| No rating | Csrf bug on signup session | Cross-Site Request Forgery (CSRF) | dark_heaven | Issue was not triaged; Time to close: 15 Days and 12 hours | Informative |
| Low | Information disclosure in coinbase android app | Improper Authentication - Generic | 7h3_3y3 | Issue was not triaged; Time to close: 11 Days and 6 hours | Informative |
| No rating | Inaccurate Payment receipt | None supplied | dpgribkov | Issue was not triaged; Time to close: 1 Days and 6 hours | Informative |
| No rating | CSRF bug on password change | Cross-Site Request Forgery (CSRF) | dark_heaven | Issue was not triaged; Time to close: 61 Days and 6 hours | Not-applicable |
| Low | Information disclosure in Android Application | Denial of Service | mangotango | Issue was not triaged; Time to close: 45 Days and 8 hours | Duplicate |
| No rating | XSSI (Cross Site Script Inclusion) | Cross-Site Request Forgery (CSRF) | paulos_ | Time to triage: 1 Days and 0 hours; Time to close: 28 Days and 22 hours | Resolved |
| None | Device confirmation Flaw | None supplied | mohammad_obaid | Time to triage: 2 Days and 14 hours; Time to close: 0 Days and 19 hours | Informative |
| Low | Information disclosure same issue #176002 | None supplied | port | Time to triage: 0 Days and 13 hours; Time to close: 0 Days and 2 hours | Resolved |
| Low | Open redirect on sign in | Open Redirect | dark_heaven | Issue was not triaged; Time to close: 28 Days and 6 hours | Not-applicable |
| None | X-Frame-Options | UI Redressing (Clickjacking) | dark_heaven | Issue was not triaged; Time to close: 14 Days and 19 hours | Informative |
| Low | [buy.coinbase.com] Content Injection | None supplied | mga_bobo | Issue was not triaged; Time to close: 20 Days and 13 hours | Resolved |
| Low | Requestor Email Disclosure via Email Notification | Information Disclosure | japz | Issue was not triaged; Time to close: 0 Days and 6 hours | Informative |
| No rating | Content Injection error page | Violation of Secure Design Principles | dr_dragon | Issue was not triaged; Time to close: 1 Days and 15 hours | Informative |
| Low | Authentication Issue | Privilege Escalation | bugdiscloseguys | Time to triage: 0 Days and 9 hours; Time to close: 4 Days and 0 hours | Resolved |
| No rating | ByPassing the email Validation Email on Sign up process in mobile apps | Violation of Secure Design Principles | kaleemgiet | Time to triage: 7 Days and 5 hours; Time to close: 14 Days and 23 hours | Resolved |