Bug Bounty is an activity that allows you to get a reward for detecting various vulnerabilities on the exchange. Since security and reliability are the main principles of WhiteBIT exchange, we have implemented the Bug Bounty program aimed at finding bugs and vulnerabilities.
Participation in this program helps our team to eliminate bugs and users to get a reward of up to $10,000.
How to participate?
If you have detected a vulnerability and want to participate in the Bug Bounty program, you need to:
- Read the rules of the program in the Bug Bounty Policy.
In this section, you can learn how to report a bug, which vulnerabilities are non-risk and non-bounty, what the reward may be if the problem is confirmed, and important aspects regarding disclosure.
- Report the found bug to the WhiteBIT team.
You can do this by submitting a report to security@whitebit.com, or by clicking on the corresponding “Submit Vulnerability to Security” button on the program page. To participate in Bug Bounty, you should send a text description of the work you performed to find the bug, arguments of potential harm, and steps to fix the vulnerability. Your report will be considered if you submit detailed information about the issue, including the information needed to verify and confirm it.
Please note: the exchange independently determines the risk level for each reported bug after a thorough check and confirmation of the existence of the bug or vulnerability. It is important to note that DDoS, Self-XSS, Spam, Social engineering attacks are not eligible for reward.
- Make every possible effort to prevent damage to the exchange and its users.
Since we need time to fix the vulnerability, it is the responsibility of the tester to keep information confidential, avoid data destruction, interruption, or disruption of our services.
- Do not share vulnerability information with third parties.
Public disclosure of the error makes it impossible to get a reward.
We also recommend reading information on how to take part in the Bug Bounty program on our Testnet and Whitechain Explorer.
Reward
The reward is calculated depending on the type of the error. A tester can receive a reward under the following conditions:
- Being the first to report the problem;
- Our experts have confirmed that such a bug exists by checking your report against the specified steps;
- WhiteBIT has made code or configuration changes based on your report.
It's also important to note that you are more likely to receive increased rewards if you show how vulnerabilities can be used to do maximum damage.
Please note: if you manage to find chains of issues, you can only be rewarded for the vulnerability with the highest level of harm.
Bug Bounty on Hackenproof
Hackenproof is a Bug Bounty platform that is our official partner. On the website you can also report a bug, after registration, by selecting WhiteBIT among the projects and the type of reporting subject (blockchain, web, mobile):
Submitting a report through Hackenproof helps to increase your profile on the platform as well as your reputation. The terms of participation in the bug bounty program do not differ, you can read all the details on the page.
Please note: the way you participate in Bug Bounty (via a page on our exchange or on Hackenproof) has no effect on the program's rewards. Therefore, you can submit a vulnerability report using any method you like.
Support
In case of any questions related to the functionality of our exchange, you can:
- Leave a request on our website;
- Write to the support email: support@whitebit.com;
- Write to the chat using the button
in the lower right corner of the screen (in the upper right corner of the WhiteBIT app, click
).