If you report security issues within our backend, smart contracts, and production operations, we offer a security bounty program. To be eligible for a bounty, be sure to follow these requirements:
Make sure you can describe the security issue you found in a concise and reproducible way.
Contact us first. If you use or publish the vulnerability you will not be eligible for a bounty payout. Our contact address is security@diadata.org.
Give us time to assess and address the issue. Sometimes behaviour can be perceived as security issue.
We will grade severity of reported issues and use the CVSS scale as a guideline. The ultimate decision about the severity we consider to be achieved remains in our discretion.
Payouts will be conducted in an established ERC20 stablecoin like USDC. Please make sure to be able to receive ERC20 tokens.
Severity
Payout
Low
500 - 2500 USDC
Medium
2500 - 5000 USDC
High
5000 - 7500 USDC