/engagements/immutable
15
In Scope
8
Out of Scope
In-Scope Assets (15)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.immutable.com | URL | Yes | ||
| *.imtbl.com | URL | Yes | ||
| *.testnet.immutable.com | OTHER | Yes | - | |
| https://api.immutable.com | URL | Yes | ||
| https://api.x.immutable.com/ | URL | Yes | ||
| https://auth.immutable.com | URL | Yes | ||
| https://docs.immutable.com/ | URL | Yes | ||
| https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport/ | OTHER | Yes | - | |
| https://hub.immutable.com/ | URL | Yes | ||
| https://link.x.immutable.com/ | URL | Yes | ||
| https://market.immutable.com/ | URL | Yes | ||
| https://passport.immutable.com/ | URL | Yes | ||
| https://play.immutable.com | URL | Yes | ||
| imx.community | URL | Yes | ||
| testnet.immutable.com | OTHER | Yes | - |
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | OTHER | Yes | |
| *.godsunchained.com | OTHER | Yes | |
| *.gogbackend.com | OTHER | Yes | |
| *.guildofguardians.com | OTHER | Yes | |
| Any data exposure bug that are classified as Public Data such as Ethereum Wallet Address, NFT Purchase activity, or other public blockchain activity. | OTHER | Yes | |
| Anything that does not belong to Immutable | OTHER | Yes | |
| godsunchained.com | OTHER | Yes | |
| gogbackend.com | OTHER | Yes |