Bug Bounty Program

1. Introduction

This Bug Bounty Program aims to identify and address potential vulnerabilities in our platform and services. We invite security researchers and ethical hackers to participate by responsibly disclosing any security vulnerabilities they discover. In return, we offer recognition and rewards based on the severity of the issue. The safety and security of our users and systems are our top priority, and we highly appreciate contributions from the security community.


2. Scope

The following systems and services are covered by this Bug Bounty Program:

  • Web applications and APIs
  • Mobile applications (iOS and Android)
  • Any other services directly related to our operations

2.1 Out of Scope

The following areas are not eligible for the Bug Bounty Program:

  • Issues in third-party services or platforms not under our direct control
  • Denial of Service (DoS) attacks
  • Social engineering attacks on employees or users
  • Physical attacks on hardware or data centers
  • Issues affecting outdated or unsupported browsers or platforms


3. Eligibility

We welcome anyone who discovers a vulnerability, provided the following conditions are met:

  • The participant must be the first to report the vulnerability.
  • The vulnerability must be disclosed responsibly, as outlined in this policy.
  • The vulnerability must not be exploited for malicious purposes or personal gain.
  • The vulnerability must not be publicly disclosed before we have had time to address it.

3.1 Ineligible Participants

The following individuals are not eligible to participate in the Bug Bounty Program:

  • Current employees or contractors of the organization
  • Individuals residing in or associated with countries under international sanctions


4. Responsible Disclosure

To qualify for a reward, vulnerabilities must be disclosed responsibly. This means:

  • Reporting the vulnerability promptly and privately to our team.
  • Refraining from exploiting the vulnerability beyond what is necessary for proving its existence.
  • Providing detailed information and reproduction steps to assist in identifying and fixing the vulnerability.

Reports should be submitted through the dedicated bug bounty submission process at [Insert Submission Email or Form].


5. Reward Criteria

Rewards are determined based on the severity, impact, and complexity of the discovered vulnerability. The following categories outline the general reward structure:

  • Critical Vulnerabilities: Issues that pose a high risk of full system compromise, large-scale data breaches, or significant harm to users.
    Reward: Up to $10,000 or more, depending on severity.
  • High-Risk Vulnerabilities: Vulnerabilities that could allow unauthorized access to sensitive data or critical functions.
    Reward: Up to $5,000.
  • Medium-Risk Vulnerabilities: Issues such as privilege escalation or bypassing authentication that present moderate risk.
    Reward: Up to $2,000.
  • Low-Risk Vulnerabilities: Minor security issues such as misconfigurations or less severe flaws.
    Reward: Up to $500.

5.1 Non-Monetary Rewards

In addition to monetary rewards, participants may receive public recognition, such as inclusion in a Hall of Fame, or other non-monetary tokens of appreciation.


6. Reporting Process

To report a vulnerability, please provide the following:

  1. A clear and detailed description of the vulnerability.
  2. Steps to reproduce the issue, along with any relevant screenshots or proof-of-concept code.
  3. Explanation of the potential impact of the vulnerability.

Once submitted, the report will be reviewed, and our team will work to validate and address the issue.


7. Program Rules

7.1 Do's

  • Do report vulnerabilities with detailed steps to help us verify the issue quickly.
  • Do test responsibly, ensuring minimal impact on user experience or data.
  • Do maintain confidentiality until the issue is resolved.

7.2 Don'ts

  • Do not perform denial-of-service attacks or otherwise attempt to disrupt our services.
  • Do not engage in social engineering or phishing against employees or users.
  • Do not access or alter data that does not belong to you.


8. Confidentiality

Participants must keep any discovered vulnerabilities confidential and must not share information about the vulnerabilities with third parties or the public before the issue is resolved. Violations of this rule may result in disqualification from receiving rewards.


9. Legal Considerations

  • Participation in the Bug Bounty Program does not authorize any form of unlawful or unauthorized testing of systems.
  • Participants agree to comply with all applicable laws while testing and reporting vulnerabilities.
  • The organization reserves the right to modify or terminate the Bug Bounty Program at any time without notice.