CS Virtual Trade Ltd., reg. no. HE 389299 Registered address and the principal place of business: 705, Spyrou Araouzou & Koumantarias, Fayza House, 3036, Limassol, Cyprus
G2G Marketplace Limited, reg.no. 3064044 Registered address and the principal place of business: 8F, 30 Hollywood Road, Central, Hong Kong
Bug bounty program
Program details
The main CS.MONEY prerogative is to give our 3.5+ million users opportunity to sell, trade or buy any CS:GO or DOTA 2 items they want to get, thus, we have to insure that our user's personal information is safe and secure. We decided to launch our public bug bounty program, to improve security of our site. The goal of this bounty is to find vulnerabilities which affect the confidentiality, integrity, or availability of our services and code run by us or our customers.
Target overview
cs.money
support.cs.money
3d.cs.money
12 vulnerabilities rewarded
Validation within 2 days
75% of submissions are accepted or rejected within 2 days$450 average payout (last 3 months)
If you find a vulnerability or you want to clarify information about the conditions of the program, contact us:
Reward guidelines
| Target | Reward |
| XSS or CSRF vulnerabilities which have significant impact | $500 + |
| Clickjacking | $100 + |
| For remote executing code on server, unlegitimate access to our servers, disclosure internal private API | $1000 + |
| For any unlegitimate access to our support system | $500 + |
| For vulnerability in other systems (e.g. pic.money, s1.cs.money and etc.) which can violate work on main site | $500 + |
| Any deanonymization of users or user's data. Trading history, telephone numbers, ips and etc. | $500 + |
| Incorrect saving time. For instance saving credit cards numbers in cookies | $250 + |
| Any errors in business logic which can lead to loss of the money. For example: bugs when balance wasn't written off after the skin was bought or traded. Bounty can be easilly increased in case a greater vulnerability is discovered. | $100 - $5000 |
| Authorization or authentication bypass | $500 + |
