Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
chime
20
In Scope
3
Out of Scope
In-Scope Assets (20)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.1debit.com | URL | No | ||
| *.chimebank.com | URL | No | ||
| *.chimecard.com | URL | No | ||
| *.chimepayments.com | URL | No | ||
| *.chmfin.com | URL | No | ||
| *.saltlabs.com | URL | No | ||
| All Chime Assets | URL | No | - | |
| http://app-qa.chime.com/users/sign_in | URL | No | ||
| http://member-qa.chime.com/enroll | URL | No | ||
| https://*.chime.com | URL | No | ||
| https://app.bitrise.io/app/5bec038cb1e318cd/installable-artifacts/9ad837caadc77d33/public-install-page/ef39a3be131d116b6da3f9d05c70d757 | IOS | No | - | |
| https://app.bitrise.io/app/5bec038cb1e318cd/installable-artifacts/d2424d9760af75d5/public-install-page/4883ab94cee43b34c597ad1df833911f | ANDROID | No | - | |
| https://app.chime.com | URL | No | ||
| https://app.saltlabs.com/ | URL | No | ||
| https://app.staging.saltlabs.com/ | URL | No | ||
| https://apps.apple.com/us/app/chime-mobile-banking/id836215269 | IOS | No | - | |
| https://apps.apple.com/us/app/salt-work-and-get-rewarded/id1668462142 | IOS | No | - | |
| https://play.google.com/store/apps/details?id=com.onedebit.chime | ANDROID | No | ||
| https://play.google.com/store/apps/details?id=com.saltlabs.app | ANDROID | No | ||
| https://www.chime.com | URL | No |
Out-of-Scope Assets (3)
| Asset | Category | Bounty | |
|---|---|---|---|
| Non Chime Owned Assets (see list at the bottom) | URL | No | |
| https://chime.financial | URL | No | |
| https://chimescholars.org | URL | No |