We really appreciate you wanting to help make WazirX a bug-free exchange for every trader!
While we don't have an official Bug Bounty Program just yet, we'll be happy to reward you fairly depending on the seriousness of the bug/vulnerability. A formal bounty policy is in the making. In the meantime, here are a few points you should keep in mind:
- You should report your findings directly to us, keeping them confidential and not making them publicly available. This gives us the opportunity to make the necessary fixes quickly and avoid possible further exploitation of the vulnerability/bug.
- Reported bugs or vulnerabilities must substantially affect the security of user data, transactions, funds or authentication, or affect any other system or user integrity.
- Please do not attempt security tests that may degrade or disrupt services, violate privacy, delete data or cause any similarly severe impact.
- If an existing known issue or previously reported vulnerability/bug is reported, it won't qualify for the bounty, though it may qualify at the discretion of the technology team at WazirX.
You can fill in the Bug Report form and share a detailed description of the bug/vulnerability you are reporting, including accurate steps to reproduce it and a description of its potential impact. The inclusion of screenshots or screen recordings will be highly appreciated.
While we run this program in good faith, WazirX reserves the right to make any changes without prior notice. The decision on bounty eligibility will be made by WazirX and will be final and binding.