Join our BugBounty Program
Claim a reward of $500 equivalent paid out in PLU for any qualifying bug you discover in our products.
Thank you for joining the Bounty Program
You will receive an email with further information about Bounty Program
Security is of paramount importance, which means that we will investigate all reported bugs and potential breaches. If you believe you have discovered a bug or vulnerability in Plutus.it or any of our applications, please contact us right away at [email protected]
About the Program
We understand the amount of work and research that goes into security testing. As such, reporting any vulnerability that could compromise the confidentiality or integrity of our users or service will be directly rewarded.
Rewards
A reward of up to $500 (paid in PLU) may be provided for the disclosure of qualified bugs found ONLY on the following, the PlutusDEX platform, its trading engine, and only the login process of ‘Plutus Tap and Pay’ App (the app is currently undergoing a complete overhaul for 2.0, which means that any bugs detected now, and their respective fixes, will most likely not be transferable.)
Note: Once Plutus Tap & Pay 2.0 is released, the bounty will once again apply to all aspects of the application.
To reiterate, currently only the following qualify for a bounty reward:
- The PlutusDEX Platform - http://dex.plutus.it
- The Plutus Homepage - http://plutus.it
- Only bugs and exploits which explicitly bypass the login of the current Plutus Tap & Pay app
In order to abide by our policy, vulnerabilities must be disclosed privately and provide us reasonable time to respond. Bounty reports must be sent to [email protected] where they will be reviewed by our development team.
Websites subject to Pentest:
Please note: We do not reward spam or socially engineered vulnerabilities, neither do we reward vulnerabilities that have been disclosed publicly. Third-party applications such as the ones we use to test our BETA applications are not incorporated into this bounty programme. This includes Crashlytics, Telegram, etc.
Terms & Restrictions
- The first person to report and disclose a bug will be rewarded.
- If your bounty has been accepted you will be asked to provide an ERC20 compatible wallet address of which you have full control by owning the private keys.
- We will not be liable if you provide us with a wallet address which you do not control i.e a wallet that’s provided by a 3rd party which has the ability to restrict your access.
- Publicly disclosed bugs will not be rewarded.
- The reward amounts may increase and decrease, this is at our discretion.
- We may cancel the programme at any time.
- Your testing must not violate any laws at any time.
- Due to legal restrictions, we cannot and will not reward residents of countries under current U.S. sanctions (including North Korea, Libya, Cuba).