Our bug bounty program aims to discover any vulnerabilities in the BountyGraph platform and reward security researchers accordingly!
We are interested in vulnerabilities that have a clear impact on the security of our service, especially vulnerabilities that would allow an attacker to extract sensitive information from bug reports.
The following are out of scope and will not receive a bounty
BountyGraph will determine whether a reported issue is considered a security vulnerability and assign it a severity rating of Low, Moderate, High, or Critical.
Depending on this rating, a valid report will pay out of the money raised so far, at roughly the percentages described in the table below.
Please remember that not all submissions will qualify for a bounty. Generally only the first valid report of a particular bug will be accepted, and the final decision of the bounty reward is at the discretion of the Panel.
Bounties are paid out according to the severity of the vulnerability and the available funds. The following percentages serve as a guide during this process, but individual bugs may earn slightly more or less depending on impact.
Low | Medium | High | Critical
~5% | ~10% | ~15% | ~25%
Contact us if you want more information.