Here at Bitazza, we value the importance of security researchers’ efforts in helping to ensure the safety of our environment. Our Bug Bounty Program is in line with our mission and vision of being one of the most trusted platforms in the digital currency space. The Bug Bounty Program scope covers all software vulnerabilities in Bitazza’s services.
If you are able to identify a security vulnerability, we ask that all researchers make every effort to not leak data or damage the integrity of Bitazza’s systems and report the issue to us privately. This means to:
A valid report must, therefore, clearly explain and demonstrate the software vulnerability that is harmful to Bitazza or Bitazza’s customers. A report must be valid and in accordance with the terms of the program to be eligible for the bounty. Bitazza will, in its sole discretion, determine whether a report qualifies for a reward and the amount of the reward. A valid report must include clear step-by-step instructions to replicate the vulnerability.
Bitazza rewards bounties based on the severity of the vulnerability. The severity of the vulnerability can be categorized as such:
Based on the different levels of severity, exploitability, and impact; the report will be classified into one of the 4 reward tiers
(Rewards are paid in BTZ at the current market rate)
Vulnerabilities that do not fall into Bitazza’s bounty program are:
Should you feel that a particular vulnerability not mentioned here should be in scope, please kindly proceed with submitting the report along with an explanation.
Bitazza reserves the right to modify or cancel the Bug Bounty Program at any time.