BUG BOUNTY PROGRAM
We at Spielworks are committed to providing our customers with a safe and secure platform. As part of our ongoing efforts to maintain the highest level of security, we are launching a bug bounty program to encourage and reward responsible disclosure of any security vulnerabilities.
The bug bounty program is open to anyone who finds a security vulnerability in our platform. However, employees, contractors, and partners of Spielworks are not eligible to participate in the program.
The bug bounty program covers any security vulnerability that could impact the confidentiality, integrity, or availability of our platform. This includes but is not limited to:
* Cross-site scripting (XSS)
* Cross-site request forgery (CSRF)
* SQL injection
* Remote code execution
* Authentication and authorization issues
* Privilege escalation
* Server-side request forgery (SSRF)
* Information disclosure
* Denial of service (DoS)
* Brute force attacks
* Social engineering attacks
* Any other vulnerability that could compromise the security of our platform
Only the first person to report a unique vulnerability will be eligible for a bounty.
The bug bounty program is not a license to perform destructive testing, and any activities that could harm the availability or integrity of our platform are strictly prohibited. Testing or other actions which cause any noticeable service disruption with user, financial and/or reputation impact for Spielworks will disqualify the participant from being considered for any bounty whatsoever and may result in legal action.
Any vulnerabilities found as part of automated scanning or testing tools are not eligible for the program.
Any vulnerabilities found in third-party applications, libraries, or frameworks used by our platform are not eligible for the program.
Any vulnerabilities found in services or systems that are not owned or operated by Spielworks are not eligible for the program.
Any attempt to access or modify data other than your own is strictly prohibited and may result in legal action.
The scope of the program is limited to the Spielworks platform and the services we provide. Vulnerabilities not directly impacting our services (such as this website) are out of scope of the program.
We take the security of our platform very seriously and ask that all participants in our bug bounty program comply with responsible disclosure practices. This means that vulnerabilities should be reported to us promptly, and all testing should be performed in a manner that minimizes the risk of unintended consequences. Found vulnerabilities should never be made public until and unless they are confirmed to be resolved by the Spielworks team.
If you have found a security vulnerability in our platform, please follow these steps to submit a bug report:
Send an email to security@spielworks.com with the subject line "Bug Bounty Report."
Provide a detailed description of the vulnerability, including the steps to reproduce it.
Include any supporting materials such as screenshots, code snippets, or logs.
If possible, provide a proof of concept (PoC) that demonstrates the vulnerability.
Indicate the severity of the vulnerability according to the following guidelines:
* Critical: vulnerabilities that could lead to the compromise of user data, system resources, or customer information, or any vulnerability that could result in a complete system compromise and/or prolonged downtime.
* High: vulnerabilities that could lead to the disclosure of sensitive information, unauthorized access to user accounts, short-term systems downtime or other serious impacts.
* Medium: vulnerabilities that could lead to the compromise of less sensitive information, such as email addresses or usernames, or other moderate impacts.
* Low: vulnerabilities that have minimal impact on the security or availability of the platform.
Payouts are made in $WOMBAT tokens on the chain of choice (Polygon or WAX). The payout amount will be at our discretion, based on the severity and impact of the vulnerability.
We reserve the right to modify or terminate this bug bounty program at any time.
Thank you for helping us maintain the security of our platform!