Findora's bug bounty program
Findora is committed to 100% security on its network and providing an intuitive user experience to our community. Security is our top priority, and we are dedicated to protecting your information both on and off-chain. To that end, we have instituted a bug-bounty system so you can submit any vulnerabilities. Your contributions are hugely appreciated by the project! All vulnerabilities submitted will be used to improve Findora’s security as well as the user experience. This program rewards anyone who can find security vulnerabilities in Findora or any of the tools it creates. We look forward to working with the security community to find vulnerabilities in order to keep our partners and users safe.
All security issues and questions should be reported via email to [email protected]. Reports will be acknowledged based on the following SLAs. After the initial response, you will receive a more detailed response indicating the perceived severity and the next steps in handling your report.
Findora will make its best effort to meet the following SLAs for hackers participating in our program:
We will do our best to keep you informed about our progress.
- Please provide reproducible steps in your report. As much detail as possible is appreciated – if the report doesn’t contain sufficient details to be reproducible, the issue will not be eligible for a reward.
- Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
- In the case of duplicate reports, we will reward the first reproducible report received.
- Multiple vulnerabilities caused by one underlying issue will be awarded a single bounty.
- Social engineering (e.g. phishing, vishing, smishing) is prohibited.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
Our rewards use the Common Vulnerability Scoring Standard and are based on the severity of the issue reported. These are general guidelines, and Findora reserves the right to make the final decision with regard to the reward.
Because this is a private program, we request that you do not discuss this program or any vulnerabilities, whether resolved or not, with anyone outside of the program without express permission from Findora.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
We really appreciate your contributions and work in keeping Findora and its users secure!