🏆 Bug Bounty Program

Help us make Fizenwallet more secure and earn rewards up to $50,000

$250K+

Total Rewards Paid

150+

Vulnerabilities Fixed

48h

Average Response Time

🔴 CRITICAL

$50,000

Remote code execution, Private key extraction

🟠 HIGH

$10,000

Bypass authentication, Fund theft vulnerabilities

🟡 MEDIUM

$2,500

Limited data exposure, DoS attacks

🟢 LOW

$500

UI bugs, Minor issues

📝 Program Overview

The Fizenwallet Bug Bounty Program is designed to encourage security researchers to help us identify and fix vulnerabilities in our hardware wallet products and associated software.

Why Participate?

Competitive Rewards: Up to $50,000 for critical vulnerabilities
Recognition: Get listed in our Hall of Fame
Fast Response: Average 48-hour initial response time
Clear Guidelines: Transparent rules and reward structure
Legal Protection: Safe harbor provisions for good faith research

🎯 Program Scope

In Scope

Target	Type	Priority
Fizenwallet Hardware (Latest Models)	Hardware	★★★★★
Firmware (Latest Version)	Software	★★★★★
Desktop Application	Software	★★★★
Mobile Applications (iOS/Android)	Software	★★★★
*.fizenwallet.co.com	Web	★★★

Out of Scope

Third-party services and applications
Outdated firmware versions (more than 2 versions old)
Physical attacks requiring device modification
Social engineering attacks
Denial of Service attacks on production systems
Spam or volumetric attacks

💎 Qualifying Vulnerabilities

Critical Severity ($10,000 - $50,000)

Private key extraction from hardware device
Remote code execution on device
Bypass of secure element protections
Firmware signature bypass

High Severity ($2,500 - $10,000)

Authentication bypass
Unauthorized transaction signing
Memory corruption vulnerabilities
Cryptographic implementation flaws

Medium Severity ($500 - $2,500)

Limited information disclosure
Local privilege escalation
Cross-site scripting (XSS) in web interfaces
SQL injection in non-critical systems

Low Severity ($100 - $500)

UI/UX bugs affecting functionality
Minor information leakage
Low-impact denial of service

🚀 Submission Process

Discover

Find a vulnerability in our products

Document

Create detailed proof of concept

Submit

Send report via secure channel

Review

Our team validates the finding

Reward

Receive your bounty payment

Report Requirements

Your submission should include:

Description: Clear explanation of the vulnerability
Impact: Potential security impact
Steps to Reproduce: Detailed reproduction steps
Proof of Concept: Code, screenshots, or video
Affected Versions: Specific version numbers
Remediation: Suggested fixes (optional)

📋 Rules and Guidelines

Do's

✅ Test only on your own devices and accounts
✅ Report vulnerabilities promptly
✅ Allow us time to fix issues before disclosure
✅ Provide detailed, clear reports
✅ Be professional and respectful

Don'ts

❌ Access or modify other users' data
❌ Perform destructive testing
❌ Use automated scanning tools excessively
❌ Publicly disclose before fix is available
❌ Demand unreasonable rewards

Legal Safe Harbor

We commit to not pursue legal action against researchers who:

Act in good faith
Follow our disclosure guidelines
Don't cause harm to users or systems
Don't violate privacy of other users

🌟 Hall of Fame

We thank these security researchers for making Fizenwallet more secure:

👨‍💻

John Doe

5 bugs found

👩‍💻

Jane Smith

3 bugs found

🦾

CyberSec101

7 bugs found

🎭

Anonymous

2 bugs found

🚀

BugHunter

4 bugs found

💡

SecExpert

6 bugs found

Ready to Start Hunting?

Submit your findings through our secure portal

Submit Vulnerability

For encrypted communications, use our PGP key available at security.fizenwallet.co.com/pgp