Skip to main content
All CollectionsBug Bounty Program
Bug Bounty Program at Request
Bug Bounty Program at Request

Critical vulnerabilities reported to [email protected] will be rewarded up to €20,000.

Max Franke avatar
Written by Max Franke
Updated over a year ago

Scope

The Request Finance bug bounty program currently targets security issues in the following scopes:

It includes all the features that are live or in beta.

Rules and rewards

The rules of our bug bounty program are the following:

  • Issues already known to the Request team are not eligible for bounty rewards. This includes issues already submitted by someone else.

  • Public disclosure of a vulnerability makes it ineligible for a bounty.

  • The Request core development team, employees, and all other people paid by Request Labs or the Request Network Foundation, directly or indirectly, are not eligible for rewards.

  • The Request bounty program considers a number of variables in determining rewards. Determinations of eligibility, score, and all terms related to rewards are at the sole and final discretion of the Request Finance bug bounty panel.

The value of rewards paid out will vary depending on severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood:

Reward sizes are guided by the rules below, but are ultimately determined at the sole discretion of the Request Foundation bug bounty panel. We also take into account the efforts put to find and report the vulnerability, including efforts put at giving proofs and solutions.

  • Critical: up to 20 000 €

  • High: up to 15 000 €

  • Medium: up to 10 000 €

  • Low: up to 2 000 €

  • Note: up to 500 €

Bounties may be paid in ETH or REQ.

How to report

By e-mail: [email protected].

The bug bounty program has no end date until communicated otherwise.

Did this answer your question?