Topic: [BOUNTY] - Bugs at the Kraken.com Exchange - page 3. (Read 22239 times)

BTCX/Dargo:



I have a password set for trading and 2-factor for login.   I tried with both trading password and login 2-factor password.

I get this error message no matter what trade I do from the advanced screen. 

Tried with and without margin, and with and without condition set.  I also tested with 1 USD order, so this is not dependent on my order size.

Site is looking good, hope this helps.

I clicked on the 'X' button of an open margin position to close it. It opens up an order form to fill out the volume, order type, price... It was the order type that reverted from limit to market, just as, or right before  I clicked the review button. I didn't see it change, just that it was a market order on the review screen, and I had set it for limit with a price of $104.

Don't worry, you'll get it.   

Can you clarify exactly which order form is refreshing automatically? I haven't run across this.

We don't want things to get too crowded up there, but I agree some important numbers like P/L would be nice.


I'll have to check on this.

I see now.


All this is intentional, so not a bug.


I think we are going to stick with military time, so those who love the am/pm thing are going to be a bit disappointed.

Hey, I didn't get my first bounty yet, be sure to check out my 2nd post of bugs also.

The auto refresh is cool and all, but in the middle of filling out the order form it will just go back to the default and potentially cause orders to execute in an unexpected way.

What happened was, I set a limit sell to close a position. Set the price and volume, and clicked on the review button. It defaulted back as I hit the review order button. If you are quick to click the accept button on the review page, you wouldn't realize that you were about to sell at market and lose profits or even net a loss. That is a big deal when you are trying to get a good price during quick moves

Just a suggestion here.
Perhaps put the margin balance and current P/L somewhere near the balance box at the top. This will make for quick reference without changing tabs.

What is the margin requirement?
At 10:1 and a starting balance of $5000, the margin balance should be $50,000. With a $100/BTC price tag, if I try to short 300BTC which would be $30,000 +fees, I get an "Insufficient margin balance" error.

Thanks man, I'll be sure to look for more bugs.

Also, with EDIT7 when you couldn't reproduce the issue, this is what I meant.
http://puu.sh/3gtKW.png

If I just filled that out, it didn't give me an error for no email entered, it just refreshed the page and gave me that.

EDIT1:
When going under the about section on the main website, "Payward Inc., Press, and Jobs" are all empty. Not sure if intentional or accidental.

EDIT2:
When going to Bug Bounty at the bottom of the page, it's empty. Should give an explanation of the current bounty.
https://beta.kraken.com/security/bug-bounty

EDIT3:
When going to deposit, or withdrawl it doesn't display the current time. I know they are disabled, but this could pose a issue later on.
http://puu.sh/3gugt.png

EDIT4:
When I changed my time to EST, it just gave me the hour, http://puu.sh/3gun1.png
Americans use AM and PM feature, and it should auto-configure to that, if you would change.

Thanks, this all looks like stuff we want to change.


You can change your email under Account > Settings


I can't reproduce this - I get "Failed to update password" as the error message.


This is our PGP key, but maybe this needs explanation somewhere in the site content.

Thanks sbregar, bounty on the way.

Yeah it was from us - thank *you* - the issue you raised was very helpful. 

I think I got the bounty yesterday, I don't know who else would've sent it. If so, thanks for your generosity

One bug I know of so far, is when choosing language options, English US and UK have NO difference.
Might want to remove it completely, since they are virtually the same exact thing.
EDIT:
Bug#2 in the email you receive when joining, it should be " The Kraken Team" not "The Kraken team" it looks doesn't look official when doing a deep search.
EDIT2:

Semi major one pretty much when you go to fill out a support ticket, you can upload ANY size file. I've seen this to lag websites, or even upload shells into the site.
Maybe set a limit, to 100MB and no .exe, those are just examples.
Anyways, to replicate it just go to fill a request, and you can upload ANY file.
Imagine if a 100GB file was uploading just to overdraft your hosting, or lag your website.
Also just realized that in your reply to the request you can also upload files, so try to make it a universal limit.


EDIT3(there could be a lot lol):
When receiving the request email, that pretty much confirms It you get this
"##- Please type your reply above this line -##"
That could be for you guys to fill out, but it definitely shouldn't be in the email.
Found it here: https://support.zendesk.com/entries/20378368-Customizing-your-email-templates

EDIT4:
When going to look at the ticket it just says
"Kraken User
Jun 15 02:46"
It should say your username, and it should sync with your time you selected when creating an account.
Such example of the time, is when I submitted it said 02:46
but, going back to my current set time it says 1:58, which isn't even close.

EDIT5:
http://puu.sh/3fSTG.png All the tabs except Requests by Kraken User just seem like default things you aren't going to be using.
I suggest cleaning those out unless you will use them.

EDIT6:
There should be a way to change your email, this is needed so if you need to change your email because you're making a new one, or even if the email got hacked, to be more secure.

EDIT7:
When going to request a password reset, if you just click the button without doing filling in anything, or even filling in the username field it just refreshes the page, and doesn't give any error. It should give a bug, like "Invalid email" etc.

EDIT8:
When receiving emails I notice to always get this weird file, called "signature.asp"
When opening it I get http://puu.sh/3fT7a.png which has no meaning, and could confuse some people, Googling it didn't help and the only thing I could think this relate to is http://puu.sh/3fT9N.png
1PdrhY7ngQnA7rZwtXFzC3rzS44FMk8mNy

These are pretty minor of course, but I was able to reproduce them, so I'll tell btcx to send a small bounty your way.

Maybe I'm misunderstanding you here coinator, but if you create an order which you don't have the funds to complete, the system does let you proceed and will give you a partial fill for what you do have the funds for. The remaining partially completed order will be cancelled. If this is what you are talking about, it isn't a bug. If it isn't what you are talking about, please clarify.

Middle-clicking links doesn't do anything in Firefox 21.0 on Windows 8, it should open them in a new tab. Only right click -> "Open Link in New Tab" works.

14eazyBQToTfAcZsYLNcofyDMjVKjtVykh

Thanks for your prompt response. I'm quite positive that the one bounty I received was for #29 and followed up on #31. The reason why I remembered this is because it was one of the first few BTC I received, thanks for that! Then, I spent more time debugging the site and posted more bug report. Btcx was busy since and I did not hear back from him. Now that I know the site is still in progress, I will try and report more bugs.

Since those bugs posted was found quite some time ago, I'm not sure if it has been fixed already but I'm sure I have tried many times to find and was able to reproduce the bug that time.

I have just pm you my btc address, you may send my bounty there, thanks again.

From the thread it looks to me like btcx probably sent a single bounty for 29, 31, 33. But there's no response for 35 and 38, so I'll need to look into those. btcx probably has your address on file, but go ahead and PM it to me. Thanks for you help coinator!

Hi, can you please send my bounty reward to my btc address? 
I only received my first reward on #29 and #31
I have posted several other bugs report at #33 #35 #38 and btcx acknowledge the find on #34 but he went to bitcoin meeting and was out of contact since.

Dargo, I see that you are in charge of this now, should I send you my btc address or you guys have it on file? Thank you.