In order to ensure our userbases safety, HANSA supports bug hunting efforts
and rewards those who find serious vulnerabilities on our market.
Based on severity of the bug and completeness of the submission,
which we will decide at our sole discretion, we offer the following rewards:
- Vulnerabilities that could severely disrupt HANSA's integrity (for example any IP address, personal information of a user or vendor): 10 BTC
- Non critical exploits and vulnerabilities that can take the market offline. This includes XSS vulnerabilities: 1 BTC
- Simple display bugs or unintended behavior (NOT typos or grammar): 0.05 BTC
To be eligible, you must demonstrate a security compromise on our market using a reproducible exploit.
If you encounter a bug, please open a ticket and inform us about your findings
Guidelines for you :
Guidelines for HANSA: :
- Do not make the bug public before it has been fixed.
- Do not perform any attack that could harm the reliability/integrity of our market.
- Do not impact other users with your testing, this includes testing for vulnerabilities in accounts you do not own.
- Do not attempt to gain access to another user’s account or data. Use your own test accounts for cross-account testing.
- The more thorough the proof-of-concept, the higher the chance a payout will be awarded.
- We will respond to you as fast as we can.
- We will keep you updated as we work to fix the bug you submitted.