Bug bounty

© Tradeit.gg 2017-2021, All Rights Reserved. |  Powered by Steam. Not affiliated with Valve Corp

Tradeit security bug bounty

We take privacy and security very seriously. As such, we encourage everyone to participate in our open bug bounty program, which incentivizes researchers and hackers alike to responsibly find, disclose, and help us resolve security vulnerabilities. As with many bug bounties out there,  we have a fairly straightforward and simple set of rules that help protect both us and those looking to disclose. 

To report non-security bugs (or anything else), please contact support.

Thanks for participating and happy bug hunting!

Rewards

LOW

$100

MEDIUM

$300 - $500

HIGH

$1,000+

CRITICAL

$5,000+

What we would like you to give special attention to: 

- Site balance manipulations 

- Trading/Purchase manipulations (e.g. trading with no balance) 

- Unauthorized access to project servers (e.g. vulnerabilities that leads to RCE). 

- XSS vulnerabilities on the assets with critical functionality (with proven script execution) 

- Serverside vulnerability with information disclosure (e.g. memory Leaks / IDORs) of critical or highly confidential data 

- Any other vulnerability that breaks business logic or can lead to loss of user privacy.

Rules

  • Don't perform any actions that could harm the reliability or integrity of our services and data. Some examples of harmful activities that are not permitted under this bounty include: brute forcing, denial of service (DoS), spamming, timing attacks, etc.
  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • No information about issues found should be publicly disclosed or shared.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Social engineering (phishing) is prohibited.
  • Tradeit will not take legal action against users for disclosing vulnerabilities as instructed here.
  • Based on the validity, severity, and scope of each issue, we'll reward you with cash or items.
Submit a VulnerabilitySubmit a Vulnerability

Found something?