Sifchain Program Statistics



71 total issues disclosed

$450 total paid publicly

Most disclosed vulnerability type (19 disclosures): None supplied



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Subdomain Takeover on proxies.sifchain.finance pointing to vercel | Misconfiguration | hrdfrdh | High | 2022-04-01 |
| Misconfiguration Certificate Authority Authorization Rule | Misconfiguration | d4rk_r0s3 | None | 2021-12-09 |
| No Valid SPF Records at sifchain.finance | Violation of Secure Design Principles | n33dm0n3y | No rating | 2021-12-09 |
| Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages. | Code Injection | 0xcachefl0w | None | 2021-12-09 |
| Linux Desktop application "sifnoded" executable does not use Pie / no ASLR | Violation of Secure Design Principles | n33dm0n3y | No rating | 2021-12-09 |
| Origin IP Disclosure Vulnerability | None supplied | uniquekamboj6738 | No rating | 2021-12-09 |
| Information Disclosure at one of your subdomain | Information Disclosure | omemishra | None | 2021-12-09 |
| Signature Verification /// golang.org/x/crypto/ssh | Cryptographic Issues - Generic | dpredrag | High | 2021-12-09 |
| Sifchain token leak | Insecure Storage of Sensitive Information | abdullah321 | None | 2021-12-09 |
| Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy. | Information Disclosure | masq31 | None | 2021-12-09 |
| No Rate Limit in email leads to huge Mass mailings | None supplied | sudhakarsurya | No rating | 2021-12-09 |
| Wrong Implementation of Url in https://docs.sifchain.finance/ | Misconfiguration | sar00n | Low | 2021-12-09 |
| information disclosure | None supplied | virus26 | No rating | 2021-12-09 |
| CSRF in newsletter form | Cross-Site Request Forgery (CSRF) | ph0b0s | None | 2021-12-09 |
| ETHEREUM_PRIVATE_KEY leaked via github | None supplied | bugkillerak | None | 2021-12-09 |
| Clickjacking /framing on sensitive Subdomain | UI Redressing (Clickjacking) | ilxax1 | None | 2021-12-09 |
| No valid SPF record found | Improper Authentication - Generic | tamilarasi11 | No rating | 2021-12-09 |
| Session Token in URL | Improper Authentication - Generic | little_one | None | 2021-12-09 |
| Clickjacking at sifchain.finance | UI Redressing (Clickjacking) | manjithgowthaman | Medium | 2021-12-09 |
| clickjacking vulnerability | UI Redressing (Clickjacking) | sravani_1234 | No rating | 2021-12-09 |
| Clickjacking | UI Redressing (Clickjacking) | whiteraven0101 | Low | 2021-12-09 |
| Design Issues at Main Domain | Violation of Secure Design Principles | n33dm0n3y | Low | 2021-12-09 |
| Username disclosure at Main Domain | Information Disclosure | n33dm0n3y | Low | 2021-12-09 |
| Vulnerability : Email Spoofing | None supplied | tajammul | None | 2021-12-09 |
| CORS (Cross-Origin Resource Sharing) origin validation failure | None supplied | 11holefinder | None | 2021-12-09 |
| 4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable | Cross-site Scripting (XSS) - DOM | rao_ji1hackerone | Medium | 2021-12-09 |
| Email Spoofing bug | None supplied | niloychowdhury3 | No rating | 2021-12-09 |
| Possible Database Details stored in values.yaml | Cleartext Storage of Sensitive Information | sparta5537 | Medium | 2021-12-09 |
| Wrong Url in Main page of sifchain.finance | Misconfiguration | beebeek | Low | 2021-12-09 |
| Bootstrap library is vulnerable | Inclusion of Functionality from Untrusted Control Sphere | sathish87 | Low | 2021-09-06 |
| SSH server due to Improper Signature Verification | None supplied | escanor56 | High | 2021-08-30 |
| Vulnerable javascript dependency at Main domain | Using Components with Known Vulnerabilities | dantt | Low | 2021-08-02 |
| CORS misconfiguration | Business Logic Errors | legacy_defender | None | 2021-06-29 |
| Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation | None supplied | foysalahmed | Medium | 2021-06-21 |
| Clickjacking misconfiguration bug | None supplied | ridoykhan0x1 | No rating | 2021-06-18 |
| Error Page Content Spoofing or Text Injection | None supplied | g4urav_19 | Low | 2021-06-15 |
| Wrong implementation of Telegram link on the main page for PC users | Misconfiguration | ibrahimatix0x01 | None | 2021-06-12 |
| Flaws In Social media Icon on error page which can lead to financial loss to a company. | Business Logic Errors | beebeek | None | 2021-06-12 |
| CORS Misconfiguration Leads to Sensitive Exposure on Sifchain main domain | None supplied | emptymahbob | None | 2021-06-10 |
| CORS (Cross-Origin Resource Sharing) origin validation failure -Any website can issue requests made with user credentials and read the responses to th | Cross-site Scripting (XSS) - Stored | bader2 | None | 2021-06-10 |
| Private eth key found | None supplied | mstwtd73 | No rating | 2021-06-10 |
| HTTPS not enforced at dex.sifchain.finance | Violation of Secure Design Principles | zelzal | Low | 2021-06-10 |
| Open S3 Bucket \| information leakage | None supplied | b29z | No rating | 2021-05-15 |
| Information Disclosure on https://rpc.sifchain.finance/ | Information Disclosure | bringing2021 | None | 2021-05-15 |
| No Valid SPF Records/don't have DMARC record | Improper Authentication - Generic | himan253 | None | 2021-05-14 |
| No Rate Limit protection in user subscription form | None supplied | aliyugombe | Low | 2021-05-14 |
| Found a url on source code which was disclosing different juicy informations like ip addresses and available endponts | Information Exposure Through Directory Listing | paranoid07 | None | 2021-05-14 |
| Path Transversal inside saveContracts.js | Relative Path Traversal | caon | None | 2021-05-14 |
| Email spoofing | Improper Authentication - Generic | tmsm | None | 2021-05-13 |
| Cross Origin Resource Sharing Misconfiguration \| Lead to sensitive information. | None supplied | sudhakarsurya | None | 2021-05-13 |
| Wordpress Users Disclosure (/wp-json/wp/v2/users/) on sifchain.finance | None supplied | ibrahimatix0x01 | Low | 2021-05-13 |
| CORS Misconfiguration | Misconfiguration | itsme_ani | None | 2021-05-12 |
| Social media links not working | Business Logic Errors | tefa_ | None | 2021-05-12 |
| Wrong Url in Main Page | Misconfiguration | dantt | Low | 2021-05-12 |
| Email Spoofing on sifchain.finance | None supplied | ibrahimatix0x01 | Low | 2021-05-11 |
| Clickjacking Vulnerability in sifchain.finance | UI Redressing (Clickjacking) | lemon_in-the_spoon | No rating | 2021-05-11 |
| Found key_adress and key_password in GitHub history | Password in Configuration File | mhohlfeld | None | 2021-05-08 |
| Information disclosure on Sifchain | Information Disclosure | rohitburke | None | 2021-05-08 |
| Vulnerable for clickjacking attack | UI Redressing (Clickjacking) | akay0783 | None | 2021-05-08 |
| A password in plain text in conf file | Password in Configuration File | nouradeen | No rating | 2021-05-07 |
| ETHEREUM_PRIVATE_KEY leaked via Open Github Repository | Cleartext Storage of Sensitive Information | fozisimi | None | 2021-05-07 |
| wrong url in hackerone > goes to wix.com > unconnected | Misconfiguration | mhohlfeld | Low | 2021-05-07 |
| Private RSA key for Vagrant exposed in GitHub repository | Insecure Storage of Sensitive Information | sdushantha | None | 2021-05-07 |
| RSA PRIVATE KEY discloser | Information Disclosure | rootspectra | None | 2021-05-07 |
| mongodb credentials leaked in github | Information Disclosure | makuzo | No rating | 2021-05-07 |
| Private KEY of crypto wallet | Use of Hard-coded Password | krynos | None | 2021-05-07 |
| ETHEREUM_PRIVATE_KEY leaked | Cleartext Storage of Sensitive Information | dexter34 | No rating | 2021-05-07 |
| Exposed Openapi Token | Cleartext Storage of Sensitive Information | johnjhacking | None | 2021-05-07 |
| Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation | None supplied | spyata | None | 2021-05-07 |
| Subdomain Takeover At the Main Domain Of Your Site | Improper Access Control - Generic | ahmedelmalky | Low | 2021-05-07 |
| xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service | Uncontrolled Resource Consumption | malagham | None | 2021-05-06 |