Report Bug
- We will only assess vulnerabilities that are delivered to us via efex.pro/bug-bounty Any finds that are delivered using other channels will be ignored.
- We will only respond to submissions that are detailed and explained with reproducible steps.
- If a vulnerability you submit triggers another one, please submit both vulnerabilities separately. Only one vulnerability per submission.
- Vulnerabilities or findings that are outside the scope (see out of scope section at the bottom ) will not be assessed.
- In cases where the same vulnerability is submitted by two or more people, only the first person who identified it will be rewarded and listed in our Hall of Fame.
- All submissions will be responded to within 3 days. The more important errors/bugs will be responded to more quickly.
- Sending your findings with a fake email address and credentials is forbidden. Submission from these accounts will not be assessed.
- The person who has the vulnerabilities should be the one submitting them. Don’t submit security flaws on other people’s behalf.
- The right to share the submitted vulnerabilities with the public, third party partners or employees is reserved by EFEX (Farhad Exchange).
- When you submit, you accept the terms and conditions of our program.
You can let us know about non-security issues at EFEX (Farhad Exchange)