Stormrake
Bug Bounty Program
At Stormrake, security is our highest priority. We deeply value the contributions of security researchers and ethical hackers in helping us protect our platform and our customers. If you discover a vulnerability on our client portal (https://app.stormrake.com), we encourage you to report it responsibly through our bug bounty program.

Rewards & Eligibility
We offer rewards based on severity, determined by CVSS (Common Vulnerability Scoring System) and business impact.
Severity: Reward Range (AUD)
Critical: $2,000 – $5,000
High: $1,000 – $2,000
Medium: $300 – $1,000
Low: $50 – $300
To be eligible, you must:
Be the first to report the vulnerability
Not be a current Stormrake employee or contractor
Not exploit the vulnerability beyond what is necessary for proof-of-concept
Comply with all local laws
We reserve the right to modify the program rules or terminate it at any time.


Scope
In Scope
app.stormrake.com (client portal)
APIs and services directly associated with the client portal
Out of Scope
Issues on the stormrake.com marketing site
Social engineering or phishing
Denial-of-service attacks
Use of automated scanners
Bugs that rely on outdated browsers or plugins
Missing security headers without demonstrable risk
Examples of vulnerabilities we’re interested in
Authentication bypass
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Privilege escalation
SQL injection
Server-side request forgery (SSRF)
Insecure direct object references (IDOR)
Misconfigured authentication or session handling
How to Participate
To participate:
Submit reports to security@stormrake.com
Include clear steps to reproduce the issue
Provide proof-of-concept (PoC) if possible
Do not publicly disclose the vulnerability before resolution
Avoid accessing or modifying customer data
Please allow ten (10) business days for our security team to review.
We thank all security researchers for taking the time to submit reports. Due to the number of submissions we may receive, we may only respond if your submission is eligible for a reward.
Thank You!
We appreciate your help in keeping Stormrake secure. Your efforts help us build a safer crypto environment for all our clients.