🐛
🔍
🛡️
💻

Bug Bounty Program

Help us secure Fineriwallet and earn rewards up to $50,000

$250K+ Total Rewards Paid
150+ Vulnerabilities Fixed
50+ Security Researchers

Reward Tiers

Rewards are based on the severity and impact of the vulnerability

Critical
$10,000 - $50,000
Remote code execution, private key extraction, complete device compromise
High
$5,000 - $10,000
Authentication bypass, significant data exposure, firmware vulnerabilities
Medium
$1,000 - $5,000
Limited data exposure, denial of service, moderate security issues
Low
$100 - $1,000
Minor issues, informational findings, low-impact vulnerabilities

Program Scope

In Scope

  • Fineriwallet hardware device firmware
  • Official Fineriwallet software applications
  • Web application (fineriwallet.co.com)
  • API endpoints and services
  • Authentication and authorization systems
  • Cryptographic implementations
  • Supply chain security
  • Physical security (with prior approval)

Out of Scope

  • Third-party services and libraries
  • Social engineering attacks
  • Denial of Service (DoS) attacks
  • Physical attacks without approval
  • Issues in unsupported/EOL versions
  • Theoretical vulnerabilities without PoC
  • Spam or social media interactions
  • Already reported vulnerabilities

Submission Process

Follow these steps to submit a vulnerability report

1
Discover
Find a security vulnerability in our products
2
Document
Create detailed report with proof of concept
3
Submit
Send report to security@fineriwallet.co.com
4
Review
Our team reviews and validates the report
5
Reward
Receive your bounty payment

Program Rules

Please follow these guidelines for responsible disclosure

📝 Reporting Requirements

  • Provide clear description of the vulnerability
  • Include step-by-step reproduction instructions
  • Attach proof of concept code if applicable
  • Specify affected versions and components

⚠️ Responsible Disclosure

  • Do not disclose publicly before fix is released
  • Allow reasonable time for patching (90 days)
  • Do not exploit vulnerabilities maliciously
  • Respect user privacy and data

Testing Guidelines

  • Only test on your own accounts/devices
  • Avoid automated scanning tools
  • Minimize impact on other users
  • Clean up any test data created

🚫 Prohibited Actions

  • Accessing user data without permission
  • Destroying or corrupting data
  • Disrupting service availability
  • Physical damage to hardware

💰 Payment Terms

  • Rewards paid via bank transfer or crypto
  • Tax reporting may be required
  • Multiple reports = cumulative rewards
  • First valid report receives full bounty

⚖️ Legal Protection

  • Safe harbor for good faith research
  • No legal action for authorized testing
  • Must comply with all applicable laws
  • Protection under responsible disclosure

Ready to Submit?

Found a vulnerability? Submit your report and help us improve security

Submit Vulnerability Report

PGP Key available for encrypted communications

Security Researchers Hall of Fame

Thank you to these security researchers for making Fineriwallet more secure

JD
John Doe
Critical vulnerability - December 2023
AS
Alice Security
High severity finding - November 2023
BH
Bob Hacker
Multiple medium findings - October 2023
CR
CryptoResearcher
Cryptographic vulnerability - September 2023