We will only assess vulnerabilities that are delivered to us via www.efex.pro/bug-bounty Any finds that are delivered using other channels will be ignored.
We will only respond to submissions that are detailed and explained with reproducible steps.
If a vulnerability you submit triggers another one, please submit both vulnerabilities separately. Only one vulnerability per submission.
Vulnerabilities or findings that are outside the scope (see out of scope section at the bottom ) will not be assessed.
In cases where the same vulnerability is submitted by two or more people, only the first person who identified it will be rewarded and listed in our Hall of Fame.
All submissions will be responded to within 3 days. The more important errors/bugs will be responded to more quickly.
Sending your findings with a fake email address and credentials is forbidden. Submission from these accounts will not be assessed.
The person who has the vulnerabilities should be the one submitting them. Don’t submit security flaws on other people’s behalf.
The right to share the submitted vulnerabilities with the public, third party partners or employees is reserved by FarhadExchange.
When you submit, you accept the terms and conditions of our program.
You can let us know about non-security issues at Farhad Exchange FarhadExchange
Hall of Fame
Join our Bug Bounty Campaign and be part of our mission to fortify our platform’s security. We invite you to put your skills to the test, uncover vulnerabilities, and help us create a safer environment for our users. Discover bugs, report them responsibly, and earn generous rewards in return. Your expertise is invaluable in our continuous effort to stay one step ahead of potential threats.