Bug that allows you to see BAT balance of any website

kirkins (66)in #utopian-io • 6 years ago (edited)

Project Information

Repository: Brave
Project Name: Brave Browser
Publisher: Brave

Expected Behavior

Show the current BAT balance of logged in user.

Actual Behavior

Am able to add an unverified website and after updating deposit currency balance updates to show balance including unverified website.

How to reproduce

Become a verified BAT publisher
Add another website
Skip verification step
Click the change deposit currency
Click confirm

Recording the bug

Here I show the BAT balance of steemit.com and google.com even though I shouldn't have permission to see this. This is followed by my own balance without calculating any unverified sites.

Screenshot from 2018-07-04 16-34-15.png
Google.com

Screenshot from 2018-07-04 16-21-03.png
Steemit.com

Screenshot from 2018-07-04 16-52-10.png
Philip Kirkbride

Github Account

Kirkins
Issue submitted on Github

#bug-hunting #bat #brave #bravebrowser

6 years ago in #utopian-io by kirkins (66)

$4.09

Sort:

Trending

[-]

fego (72) 6 years ago

Hi @kirkins, thanks for reporting this error. Its great to have you contributing on utopian.

Sadly, there has been some changes to the bug hunting category which you can read in this post.

Bug-hunting category has been declared as a TR (task-request) only category. This implies that contributions to projects which are not present in the whitelist will not be eligible for review. You can check the whitelist here

Your bug-report is based on a project that is not whitelisted and we don't have the proper consent to accept such contributions.

Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

$0.00

1 vote

[-]

tipu (67) 6 years ago

This post received upvote from @tipU :) | Voting service | For investors.

$0.00

STEEM 0.18

TRX 0.15

JST 0.029

BTC 61949.37

ETH 2415.67

USDT 1.00

SBD 2.65