Since the first days of Bitsler, we have been helped by bug hunters and white hat hackers. Some of them have been awarded large bounties!
If you find any bug, exploit, or vulnerability, please send us an email at email@example.com or contact our Live Support for faster answers (recommended for critical bugs).
Please keep in mind that your report should include as many details as possible: the affected page or endpoint, the steps to reproduce the issue, and what you observed. This helps us understand the problem faster. Screenshots or videos also help.
We will reward you with a bug bounty to encourage and thank you for your help.
After investigations based on your report (we might ask you for more info during that process), we will determine the severity of the vulnerability/bug, and our dev team will calculate the reward amount accordingly.
While we appreciate all reports that might help us improve and secure Bitsler, the following issues are out of scope and won't entitle you to any reward:
Missing or weak rate limiting (including, but not limited to, the password update feature)
Weak cipher suites and legacy protocol versions (TLS 1.0 and 1.1)
Existing sessions not being destroyed when 2FA is enabled (this is by design)
Missing Subresource Integrity (SRI)
Missing security headers/cookie flags
No DNSSEC or DANE
Missing CAA DNS records
Attacks requiring MITM or physical access to a user’s device
Other "best practices" reports that do not demonstrate a real impact. We appreciate reports that show how an attacker could actually cause damage, for example by accessing another user's account or funds.
We may determine other issues to be out of scope.
Finally (and obviously!), anyone who exploits a bug or discloses it publicly before reporting it to us will not receive a reward.