Program LCX Bug Bounty

Zaradite nagrade za pronalaženje sigurnosnih grešaka

Help us keep LCX and our users safe. Report vulnerabilities responsibly on HackenProof and get rewarded.

Pregled programa Bug Bounty

Ključna pravila

  • Report vulnerabilities as soon as discovered and validated, with instructions and proof of concept where possible.

  • Do not make threats or ransom demands.

  • Do not do more than needed to prove a vulnerability.

  • Act in good faith and avoid policy violations.

  • Keep all findings and communications confidential until LCX has addressed the issue.

Pravilnik

Security is at the core of everything we do at LCX. Our bug bounty program, powered by HackenProof, allows security researchers and the broader community to help us identify and fix vulnerabilities before they can be exploited. By participating, you agree to act in good faith, keep findings confidential until we have addressed them, and follow the program rules on HackenProof.

Proces prijave

1

Submit your report on HackenProof with details, steps to reproduce, and impact.

2

LCX security team acknowledges and triages the submission.

3

We respond with our determination and, if valid, severity level and reward.

4

For confirmed vulnerabilities, the reward is paid according to the program terms.

Nagrade

All bounty submissions are reviewed by LCX and rewarded based on vulnerability severity and impact. Payout scales and scope are defined on our HackenProof program page.

Ocjena ranjivosti

Critical

Critical severity issues present a direct and immediate risk to users or LCX systems (e.g. access to sensitive production data, bypassing authentication).

High

High severity issues allow reading or modifying highly sensitive data without authorization (e.g. access to systems or data an attacker should not have).

Medium

Medium severity issues allow limited unauthorized access to data or systems (e.g. certain XSS or CSRF, disclosure of non-critical information).

Low

Low severity issues have minimal impact or allow very limited unintended behavior (e.g. verbose errors without proof of exploitability).

Ready to report a vulnerability?

Submit your finding on HackenProof to be eligible for rewards.