Bug bounty 2018
Until further notice, I offer the following rewards for the discovery of bugs in the Ancient Brain site.
- € 20 for a minor bug.
- € 100 for a major bug.
- € 200 for a critical bug.
My decisions are final.
I have the funds.
So go try and hack it!
I have paid out
Thanks to all who submitted bugs.
Keep them coming!
Here are some ideas to test for bugs and exploits:
Do not cause damage
If you find an exploit that can cause damage:
If you actually cause damage, you will not be paid.
Instead, report how you could cause damage, and collect your payment.
Do not report
Do not bother reporting issues on these platforms:
- Windows Phone
- Any platform that is discontinued.
- Any browser that does not support HTML5.
I am also aware of these issues:
- Fake runs
- Fake images
- Fake scores
- I use password "p" rather than a real Captcha.
- The "forgot/reset password" process is too simple.
- Logout/in on one tab does not logout/in on all other tabs.
- Change password / forgot password does not force logout on all devices.
- CSRF token needed for login/logout
- Drag background only works on top page.
First come first served. Second report of same bug gets nothing.
Hacking attempts may trigger the site firewall (not my code)
and it may give you blocks/timeouts
if certain rules are triggered.
- To check if your IP is blocked / given a timeout, or if something else is going on,
try the site from another IP.
- An actual bug might be if firewall rules are being triggered when they should not be,
so you could report that.
- When you attempt an exploit, it can be hard to tell if it got through and then generated an error,
or if it never got through and the firewall blocked it.
So you may report what looks like the former and then I look into it and discover it is only the latter.
Send bug and exploit reports to:
And you will (subject to my decision) get rewards as above.
Dr. Mark Humphrys
Tel: (+353 1) 700-8059