Pi42's Bug Bounty Program

As a leading crypto futures trading platform, we are committed to maintaining the highest standards of security and reliability.

Our Bug Bounty Program is designed to encourage and reward security researchers and ethical hackers who help us identify and fix vulnerabilities in our system.

How it works

  • Discover: Identify potential security vulnerabilities in Pi42's platform.
  • Report: Submit a detailed report of your findings through our secure reporting form.
  • Review: Our security team will review your submission and validate the vulnerability.
  • Reward: Once the vulnerability is confirmed, you'll be rewarded based on the severity of the issue.

Rewards

Rewards are determined based on the impact and complexity of the vulnerability.

  • Critical: Up to ₹1,00,000
  • High: Up to ₹50,000
  • Medium: Up to ₹10,000
  • Low: Up to ₹5,000

Reporting Guidelines

To submit a report, please include the following information:

  • A clear and concise description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any supporting evidence (screenshots, code snippets, etc.)

Contact

For any questions or to submit a report, please contact our security team at [email protected]

Bug Bounty Results

Celebrating Your Contributions to a Safer Platform

| Participant Name | Severity Level | Bug Description | Reward | Submission Date |
|---|---|---|---|---|
| Nishant Lungare | Low | Tabnabbing | ₹5,000 | Sept 2024 |
| Aman | Low | Subresource Integrity | ₹5,000 | Oct 2024 |

Frequently Asked Questions

Who can participate in the Bug Bounty Program?

Anyone with knowledge and expertise in cybersecurity, ethical hacking, or related fields can participate. We welcome contributions from security researchers, ethical hackers, and enthusiasts worldwide.

What types of vulnerabilities are eligible for a reward?

We are interested in vulnerabilities that could potentially impact the security and integrity of our platform, such as:

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection
  • Authentication and Authorization flaws
  • Remote Code Execution (RCE)

Note: This is not an exhaustive list. Any critical vulnerability that poses a significant risk to our platform is eligible for a reward.

Are there any out-of-scope vulnerabilities?

Yes, certain vulnerabilities are considered out-of-scope and are not eligible for rewards. These include:

  • Denial of Service (DoS) attacks
  • Physical attacks against our infrastructure
  • Social engineering attacks (e.g., phishing)
  • Vulnerabilities in third-party applications or services not under our control

How do I submit a vulnerability report?

To submit a report, please use our secure reporting form on the Bug Bounty Program webpage. Include a detailed description of the vulnerability, steps to reproduce, potential impact, and any supporting evidence.

How long does it take to review a submission?

Our security team aims to review submissions within 7 business days. However, the review time may vary depending on the complexity of the report and the current volume of submissions.

How are rewards determined?

Rewards are based on the severity and impact of the vulnerability, as well as the quality of the report. Our security team uses industry-standard guidelines to assess the severity of each submission.

Can I disclose the vulnerability publicly?

We request that you do not disclose any details about the vulnerability publicly until we have had a chance to investigate and address the issue. Public disclosure before resolution may disqualify you from receiving a reward.

Can I submit multiple reports?

Yes, you can submit multiple reports as long as each report details a unique vulnerability. Each submission will be evaluated independently for eligibility and reward.

What happens if multiple researchers report the same vulnerability?

In cases where multiple researchers report the same vulnerability, the reward will be granted to the first researcher who submitted a comprehensive and actionable report.

How will I receive my reward?

Rewards will be paid out via bank transfer or cryptocurrency, depending on your preference and applicable laws. Our security team will coordinate with you to arrange the payment.