June 14

Bug Bounty Program

At LendingOwl, we prioritize the security and reliability of our platform. We believe in working closely with the security community to identify and address potential vulnerabilities. To this end, we launched a Bug Bounty Program to reward individuals who help us improve our systems.

Scope
Our Bug Bounty Program covers the following areas:
- Telegram Bot: Any vulnerabilities affecting our Telegram bot operations.
- Smart Contracts: Issues related to our smart contract functionalities and interactions.
- Website: Vulnerabilities on our main website, including user interfaces and backend services.
- APIs: Security issues within our application programming interfaces.

Rewards
We offer rewards based on the severity of the identified vulnerability:
- Critical: Up to $5,000
- High: Up to $2,000
- Medium: Up to $1,000
- Low: Up to $500

Rewards are determined based on the impact, exploitability, and report quality. We reserve the right to adjust reward amounts at our discretion.

Submission Guidelines
To participate in the LendingOwl Bug Bounty Program, please follow these guidelines:
1. Report: Submit your findings via email to [email protected] with the subject line "Bug Bounty Submission".
2. Details: Provide detailed information about the vulnerability, including steps to reproduce, potential impact, and any relevant screenshots or proof of concept.
3. Proof of Concept: Ensure that the reported vulnerability is exploitable and provide a clear proof of concept.
4. Confidentiality: Do not publicly disclose the vulnerability until we have resolved the issue and given you permission to do so.

Eligibility
- You must be the first person to report the vulnerability.
- The vulnerability must be in-scope and not previously known to us.
- You must not violate any laws or disrupt our services during your testing.

Exclusions
The following are excluded from the scope of our Bug Bounty Program:
- Social engineering attacks.
- Physical attacks.
- Issues related to outdated browsers or plugins.
- Reports from automated tools or scanners without clear proof of exploitability.

Response Time
We aim to acknowledge your submission within 48 hours and provide a resolution timeline within two weeks.

Compensation for Account Issues
The company will also compensate any individual that has had issues with his or her account for over 5 days. If you have experienced any problems accessing or using your account for this duration, please email our support team at [email protected] or via our telegram support Bot for further assistance.

Thank you for helping us keep LendingOwl secure!

For any questions or further information, please reach out to us at [email protected].