Our bug bounty program aims to discover any vulnerabilities in the BountyGraph platform and reward security researchers accordingly!
We are interested in vulnerabilities that have a clear impact on the security of our service, especially vulnerabilities that would allow an attacker to extract sensitive information from bug reports.
The following are out of scope and will not receive a bounty
BountyGraph will determine whether a reported issue is considered a security vulnerability and assign it a severity rating of Low, Moderate, High, or Critical.
Depending on this rating, a valid report will pay out of the money raised so far, at roughly the percentages described in the table below.
Please remember that not all submissions will qualify for a bounty. Generally only the first valid report of a particular bug will be accepted, and the final decision of the bounty reward is at the discretion of the Panel.
Bounties are paid to hackers and project maintainers at the discretion of the funding organizations and the BountyGraph team. To be eligible for a bounty, each submission must meet BountyGraph's report guidelines.