DuckDice takes all bug and security vulnerability reports seriously and encourages all white hat hackers to scan our site for issues. The DuckDice Bug Bounty program has the following conditions and prices:
All security researchers must:
- Submit a report with as much detail as necessary and collaborate with our tech team to provide more details;
- Provide us with a reasonable amount of time to fix the issue before publishing it anywhere;
- Not leak or destroy any user or internal data;
- Not defraud users or DuckDice itself in the process of discovery.
DuckDice has 5 levels of report severity. The first level is a previously unknown security vulnerability report which cannot be exploited to harm users or DuckDice; the fifth level is a security vulnerability that can be exploited to steal funds or sensitive data.
We reserve the right to decide if the requirement for a certain level has been met and whether it was previously reported.
Anything that has the potential for financial loss or data breach is of sufficient severity, including:
- Authentication bypass or privilege escalation
- Remote code execution
- Obtaining user information
The following would not meet the significant level:
- Vulnerabilities on sites hosted by third parties;
- Vulnerabilities in third party applications.
To submit a bug report, please email firstname.lastname@example.org with the following:
- Description and potential impact;
- Steps to reproduce the issue or a proof of concept.