> Bug Bounty

Security is a core value for us, and we appreciate the help of security researchers to keep our users safe. We encourage responsible vulnerability research and disclosure. This policy outlines what we consider good-faith security research — and what you can expect from us in return.

IN-SCOPE

The following domains/services are included in the scope of the program:

OUT-OF-SCOPE

Exploits/flaws that are not eligible for this program:

REWARDS

EXPLOITS REWARD
XSS € 200
XSS (Bypassing CSP) € 400
CSRF € 400
Authentication Bypass € 1000
SQL Injection € 2000
Arbitrary code execution € 2000
Arbitrary code execution (with privilege escalation) € 4000
Persistent code change € 2000

RECEIVING YOUR AWARD

We only offer payouts in Monero (XMR).

Ground Rules:

SAFE HARBOR

When conducting vulnerability research under this policy, we consider it to be:

You must comply with all applicable laws. If a third party takes legal action against you and you've followed this policy, we'll support you by clarifying that you've complied. If you're ever unsure about the consistency of your security research with this policy, please submit a report through the ticket system before proceeding further.

DISCLOSURE POLICY

If you believe you have discovered a vulnerability, please create a ticket through the ticket system.

Looking to report a vulnerability?

Open a Ticket