Bug bounty

We take privacy and security very seriously. Therefore, we encourage everyone to participate in our open vulnerability bounty program, which incentivizes both researchers and hackers to responsibly find, report, and help us fix security vulnerabilities. Like many similar programs, we have a fairly simple and straightforward set of rules that help protect both us and those who report vulnerabilities. 

To report non-security (or anything else) bugs, please contact support.

Thanks for participating and happy insect hunting!

Awards

SHORT

100 dollars

MIDDLE

300–500 dollars

HIGH

from 1000 US dollars

CRITICAL

from 5000 US dollars

What we would like to draw your special attention to: 

- Manipulation of the site's balance 

- Manipulation of trades/purchases (e.g. trading without balance) 

- Unauthorized access to project servers (e.g. vulnerabilities leading to remote code execution). 

- XSS vulnerabilities in resources with critical functionality (with confirmed script execution) 

— A server-side vulnerability leading to information disclosure (e.g. memory leak/IDOR) of critical or sensitive data. 

- Any other vulnerability that violates business logic or could lead to a breach of user privacy.

Rules

  • Do not engage in any actions that could compromise the security or integrity of our services or data. Examples of malicious actions prohibited under this bounty program include: brute-force password guessing, denial-of-service (DoS) attacks, spamming, timing attacks, etc.
  • Please provide detailed reports outlining the steps required to reproduce the issue. If the report is insufficiently detailed, it will not be considered for the reward.
  • Information about discovered problems must not be disclosed or transferred to third parties.
  • If duplicates are found, we will only award the reward to the first report received (provided it can be fully reproduced).
  • Social engineering (phishing) is prohibited.
  • The Company will not take legal action against users for disclosing vulnerabilities in accordance with the instructions set out here.
  • Depending on the validity, severity and scale of each problem, we will reward you with cash or products from the official website .

âš¡ Recommended posts