Program Overview

Reporting Guidelines

Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug.
For vulnerabilities involving personally identifiable information, please explain the kind of PII you believe is exposed and limit the amount of PII data included in your submissions.

Research Guidelines

Do not impact production systems in a negative way for any testing
All smart contract testing should be done with a forked local copy of mainnet
Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact
When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced)
Multiple vulnerabilities caused by one underlying issue will be awarded one bounty
Social engineering (e.g. phishing, vishing, smishing) is prohibited
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service
Only interact with accounts you own or with explicit permission of the account holder
Avoid using web application scanners for automatic vulnerability searching which generates massive traffic
Make every effort not to damage or restrict the availability of products, services, or infrastructure
Avoid compromising any personal data, interruption, or degradation of any service
Don’t access or modify other user data, localize all tests to your accounts
Perform testing only within the scope
Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam
Don’t spam forms or account creation flows using automated scanners
In case you find chain vulnerabilities we’ll pay only for vulnerability with the highest severity.
Don’t break any law and stay in the defined scope
Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission
Please limit your requests to 5 requests per second.
Please do not blast the support centre tickets with too many requests.

Reporting Guidelines

Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug.

For vulnerabilities involving personally identifiable information, please explain the kind of PII you believe is exposed and limit the amount of PII data included in your submissions.

Research Guidelines

Do not impact production systems in a negative way for any testing

All smart contract testing should be done with a forked local copy of mainnet

Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact

When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced)

Multiple vulnerabilities caused by one underlying issue will be awarded one bounty

Social engineering (e.g. phishing, vishing, smishing) is prohibited

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service

Only interact with accounts you own or with explicit permission of the account holder

Avoid using web application scanners for automatic vulnerability searching which generates massive traffic

Make every effort not to damage or restrict the availability of products, services, or infrastructure

Avoid compromising any personal data, interruption, or degradation of any service

Don’t access or modify other user data, localize all tests to your accounts

Perform testing only within the scope

Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam

Don’t spam forms or account creation flows using automated scanners

In case you find chain vulnerabilities we’ll pay only for vulnerability with the highest severity.

Don’t break any law and stay in the defined scope

Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission

Please limit your requests to 5 requests per second.

Please do not blast the support centre tickets with too many requests.

Jupiter

Jupiter

Program Overview

Reporting Guidelines

Research Guidelines

Reporting Guidelines

Research Guidelines