Status strives to be a secure communication tool that upholds human rights. Designed to enable the free flow of information, protect the right to private, secure conversations, and promote the sovereignty of individuals.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, Status will reward you:
- Critical: $3,000 – $5,000
- High: $1,000 – $3,000
- Medium: $300 – $1,000
- Low: $100 – $300
Join The Bounty Hunt
There are 3 asset types to scope!
Make sure your reports contain info about these incidents:
- Please provide detailed reports with reproducible steps. If the report is not precise enough to reproduce the issue, it will not be eligible for a reward.
- Submit one vulnerability per a report, unless you need to chain vulnerabilities to provide impact.
- When duplicates occur, we only award the first report received (provided that we can fully reproduce).
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- Researchers may not, and are not authorized to engage in any activity that would be disruptive, damaging, or harmful to Status.im, Waku & Vac brands or its users. This includes social engineering (e.g., phishing, vishing, smishing), physical security, and denial of service attacks against users, employees, or Status.im as a whole. Social engineering is prohibited.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
- If you gain access to sensitive information such as personal information, credentials as part of vulnerability, it must not be saved, stored, transferred, accessed, or otherwise processed after the initial discovery.
- Only reports submitted to this program and against assets in scope will be eligible for a monetary award. Nevertheless there might be exceptions that can be elegible for a monetary reward, depending on the impact.
- Before causing damage or potential damage: Stop, report what you’ve found and requested additional testing permission.
- Previous bounty amounts are not considered a precedent for future bounty amounts.
- Minimize the mayhem. Adhere to program rules at all times.
To increase your chances of finding a critical bug, read Status whitepaper here.
Once you’re ready, click here to join the bounty hunt!