We highly value the contributions of researchers in helping us keep our platform safe. Through our security and bug bounty programs, we reward those who responsibly disclose vulnerabilities with $SNSY tokens.
Rewards
Rewards are paid in $SNSY tokens based on severity:
- Critical: $500 - $5k equivalent
- High: $200 - $2k equivalent
- Medium: $100 - $1k equivalent
- Low: $100 - $500 equivalent
In-scope vulnerabilities
- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Business Logic Vulnerabilities
- Remote Code Execution
- Access Control Issues
- Authentication Bypass
- Critical Information Disclosure
- Insecure Direct Object References (IDOR)
- CORS Misconfigurations
Out of scope
- Theoretical vulnerabilities without proof
- Clickjacking without clear impact
- Social engineering attacks
- CSV injection
- DoS/DDoS attacks
- Known public security issues
- Rate limiting issues
- Issues requiring physical access
- Missing security headers (unless exploitable)
- Findings from automated tools without manual verification
- Self-XSS
- Vulnerabilities in third-party services