Bug Bounty Program

We at Spielworks are committed to providing our customers with a safe and secure platform. As part of our ongoing efforts to maintain the highest level of security, we are launching a bug bounty program to encourage and reward responsible disclosure of any security vulnerabilities.

Eligibility

The bug bounty program is open to anyone who finds a security vulnerability in our platform. However, employees, contractors, and partners of Spielworks are not eligible to participate in the program.

SCOPE

The bug bounty program covers any security vulnerability that could impact the confidentiality, integrity, or availability of our platform. This includes but is not limited to:

Limitations

Responsible Disclosure

We take the security of our platform very seriously and ask that all participants in our bug bounty program comply with responsible disclosure practices. This means that vulnerabilities should be reported to us promptly, and all testing should be performed in a manner that minimizes the risk of unintended consequences. Found vulnerabilities should never be made public until and unless they are confirmed to be resolved by the Spielworks team.

Submitting a Bug Report

If you have found a security vulnerability in our platform, please follow these steps to submit a bug report:

  1. Send an email to security@spielworks.com with the subject line "Bug Bounty Report."
  2. Provide a detailed description of the vulnerability, including the steps to reproduce it.
  3. Include any supporting materials such as screenshots, code snippets, or logs.
  4. If possible, provide a proof of concept (PoC) that demonstrates the vulnerability.
  5. Indicate the severity of the vulnerability according to the following guidelines:
    Critical: vulnerabilities that could lead to the compromise of user data, system resources, or customer information, or any vulnerability that could result in a complete system compromise and/or prolonged downtime.
    High: vulnerabilities that could lead to the disclosure of sensitive information, unauthorized access to user accounts, short term systems downtime or other serious impacts.
    Medium: vulnerabilities that could lead to the compromise of less sensitive information, such as email addresses or usernames, or other moderate impacts
    * Low: vulnerabilities that have minimal impact on the security or availability of the platform.

Payouts

We offer the following payout tiers based on the severity of the vulnerability. Payouts are done in $WOMBAT tokens on the chain of choice, using the current exchange rate on the day of the payout (https://www.coingecko.com/en/coins/wombat). 

Please note that the final payout amount will be at our discretion, based on the severity and impact of the vulnerability. We reserve the right to modify or terminate this bug bounty program at any time.

Thank you for helping us maintain the security of our platform!