Submit a report

Please remember that disclosing any bugs found on HackenProof’s Programs is prohibited without approval. For more details, please see the Terms of Service.

Once you log into your account, you can find available programs on the Bounties page and in Hacker’s Opportunities. Browse through the list to find a program that matches your expertise. Each program page includes detailed information about its scope, rules, and reward structure. Carefully review the program's scope to understand which assets are in-scope and out-of-scope. Additionally, familiarize yourself with the program rules and disclosure guidelines to ensure compliance.

Submitting a high‑quality vulnerability report is essential for quick verification and effective remediation.

To help you through the process, follow the steps below:

  1. Navigate to the program page where you want to submit your finding. Make sure you are on the correct program — each has its own scope, requirements, and rules.

  2. Locate and click the Submit Report button on the program’s page. This will open the report submission form where you can begin entering your details.

  3. Choose the correct target that best describes where the issue was found. Picking the right target helps the team understand the context immediately.

  4. Select the category that most accurately reflects the nature of the vulnerability you are reporting. Picking the correct category helps the team quickly understand the type of issue and ensures it gets reviewed by the right experts.

  5. Set the Severity Level. Choose a severity rating that reflects how serious the vulnerability is. You can calculate this automatically using a severity calculator or estimate it manually.

  6. Enter a clear, concise title that summarizes the issue. A good title sets expectations and captures the essence of the vulnerability at a glance.

  7. Vulnerability Details

Provide a comprehensive and clear description of the vulnerability you are reporting. This section should explain:

  • What the issue is — the type of vulnerability.

  • Where it occurs — the exact component, URL, parameter, feature, or asset that is affected.

  • How it manifests — what goes wrong and under what conditions it happens.

  • Impact and risk — potential consequences if the vulnerability is exploited.

  • Any contextual information that helps the team understand the scope of the issue.

  8. Validation Steps

List the detailed actions required to reproduce and verify the vulnerability. This should be written as a step‑by‑step process that anyone reviewing the report can follow exactly:

  • Enter the vulnerable page or feature URL.

  • Perform the required actions (e.g., send a specific request, enter input data).

  • Include the exact values, payload, parameters, headers, or inputs used.

  • Observe and describe the behavior that confirms the vulnerability.

  9. Supporting Files / PoC

    Upload screenshots, logs, or other media that support your submission and help demonstrate the vulnerability.

    Instructions:

    • Click or drag files into the upload area to attach them to your report.

    • You may upload up to 5 files.

    • Maximum file size: 50 MB per file.

    Accepted file formats: bmp, gif, jpeg, png, pdf, mpeg, mp4, mov, csv, txt, zip, sol, rs, md, ts

  10. Review your report thoroughly before submission. Check for clarity, completeness, and accuracy — a well‑structured report significantly improves review time.

  11. Use the “Save as Draft” button if you want to save your progress and continue editing later. This is useful when your report is not yet complete or you want to add more details before submitting.

  12. Choose the “Submit Report” button when your submission is complete and ready for review. Once submitted, your report will be sent to the program team for evaluation and triage.

As soon as you submit a report, you can track its status on the report page in your profile. After submission, you’ll be able to see updates such as status changes, comments from the program team, and any modifications to the severity, vulnerability classification, or reward status directly on your submission page.

You may also receive notifications or messages requesting additional information — be sure to respond promptly to help with verification and resolution.

Note: Remember that you can still change your report within the first 5 minutes after submitting it.
