Moneybox Bug Bounty

In Scope

• https://api.moneyboxapp.com api bounty-eligible
• https://admin.moneyboxapp.org web bounty-eligible
• https://admin-roundups.moneyboxapp.org web bounty-eligible
• https://apps.apple.com/gb/app/moneybox-save-and-invest/id1049797239 mobile bounty-eligible
• https://play.google.com/store/apps/details?id=com.moneyboxapp mobile bounty-eligible
• https://sycamore.moneyboxapp.org web bounty-eligible

Out of Scope

All domains or subdomains not listed in the above list of 'Scopes', - Any reports relating to improper authorization / information disclosure on api.moneyboxapp.com through /investment/payments/GetGiftUser/{code} and PII leak or sensitive data exposure is out of scope as this was intended by design.