HackenProof Docs

Bug Bounty process


Last updated 1 year ago

How it works

  • You will need to register your account (or the HackenProof team will register it for you), draft the program rules and rewards, and specify targets for hackers (or our team will lead this process as well)

  • As soon as everything is agreed with the HackenProof team, the program goes live. HackenProof will then make social media announcements and handle the other processes around promotion

  • Researchers will start submitting vulnerability reports

  • As soon as you receive a report, you (or the HackenProof team) need to review it in accordance with the specified program SLA

  • If the reviewed report is valid, you will pay the researcher through the HackenProof platform

Before the Bug Bounty

  • You are welcome to book a call or write to us on Telegram to get answers to any questions you might have

During the Bug Bounty

  • Please don't break the rules. If you don't follow the Program SLA, we will delist you from the HackenProof platform

  • The final decision on the severity level and the bounty always rests with the client, but please don't try to downgrade the hacker's reward or hide the real severity of the report. If you don't follow the rules, we will delist you from the HackenProof platform

  • If you triage reports yourself, we may still ask you to allow us to review some reports if researchers have notified us of a reduced reward or severity

  • Please avoid discussing any issues submitted by researchers in an open channel

After the Bug Bounty

  • If you decide to stop running the program for an indefinite period, you can ask our team to delete your account or freeze it for an unlimited time (we store your data in accordance with our official policy).

book the call
write us in telegram