🔒 Bug Bounty Program

Help us keep SwiftSwap secure. Report vulnerabilities and earn rewards.

$15,000

Max Reward

72h

Response Time

Safe

Harbor Policy

Reward Structure

Severity	Reward	Examples
Critical	$5,000 – $15,000	RCE, Auth bypass, Fund theft
High	$1,000 – $5,000	SQLi, IDOR (financial), Privilege escalation
Medium	$250 – $1,000	XSS, CSRF, Sensitive data exposure
Low	$50 – $250	Missing headers, Minor info disclosure

In Scope

swiftswap.net (main site)
api.swiftswap.net (API)
All subdomain endpoints
iOS/Android apps (when released)

Out of Scope

Denial of Service (DoS/DDoS) attacks
Social engineering attacks
Physical security
Third-party services
Issues without security impact
Volumetric/rate limit reports without proof of impact

Rules of Engagement

Do NOT access, modify or delete user data
Do NOT perform attacks on production with real funds
Test only on your own accounts
Report immediately, do not exploit further
No public disclosure before 90 days or fix
Provide clear PoC (Proof of Concept)

Submit a Report

Or email directly: security@swiftswap.net