Join our BugBounty Program
About the Program
We understand the amount of work and research that goes into security testing. As such, reporting any vulnerability that could compromise the confidentiality or integrity of our users or service will be directly rewarded.
Rewards
A reward of up to $500 (paid in PLU) may be provided for the disclosure of qualified bugs found ONLY on the following, the PlutusDEX platform, its trading engine, and only the login process of ‘Plutus Tap and Pay’ App (the app is currently undergoing a complete overhaul for 2.0, which means that any bugs detected now, and their respective fixes, will most likely not be transferable.)
Note: Once Plutus Tap & Pay 2.0 is released, the bounty will once again apply to all aspects of the application.
To reiterate, currently only the following qualify for a bounty reward:
- The PlutusDEX Platform - http://dexbeta.plutus.it
- The Plutus Homepage - http://plutus.it
- Only bugs and exploits which explicitly bypass the login of the current Plutus Tap & Pay app
In order to abide by our policy, vulnerabilities must be disclosed privately and provide us reasonable time to respond. Bounty reports must be sent to [email protected] where they will be reviewed by our development team.
Websites subject to Pentest:
Please note: We do not reward spam or socially engineered vulnerabilities, neither do we reward vulnerabilities that have been disclosed publicly. Third-party applications such as the ones we use to test our BETA applications are not incorporated into this bounty programme. This includes Crashlytics, Telegram, etc.
Terms & Restrictions
- The first person to report and disclose a bug will be rewarded.
- If your bounty has been accepted you will be asked to provide an ERC20 compatible wallet address of which you have full control by owning the private keys.
- We will not be liable if you provide us with a wallet address which you do not control i.e a wallet that’s provided by a 3rd party which has the ability to restrict your access.
- Publicly disclosed bugs will not be rewarded.
- The reward amounts may increase and decrease, this is at our discretion.
- We may cancel the programme at any time.
- Your testing must not violate any laws at any time.
- Due to legal restrictions, we cannot and will not reward residents of countries under current U.S. sanctions (including North Korea, Libya, Cuba).