The Lancerify Bug Bounty Program
Help us find code vulnerabilities and get Tether rewards.
Help Us Find Security Flaws
Lancerify is committed to providing a secure environment for its users. While our IT specialists work diligently to identify any potential security issues, it’s always possible that some may be missed.
As a result, we have launched a bug bounty program that enables all Lancerify users to earn rewards for helping find code vulnerabilities.
Get Rewards
The reward size is determined by the reported issue severity.
| Reward (Tether) | Bug Severity |
| 150 | Critical |
| 50 | High |
| 10 | Medium |
| 5 | Low |
The bug bounty reward may be boosted – that’s how:
?What Bugs We’re Looking for
The Lancerify bug bounty program applies to all the services offered on our platform. We consider vulnerabilities that could lead to financial loss or data breaches as most severe. Such issues may include, but are not limited to:
Out-of-scope vulnerabilities
SMS-Bombing
Clickjacking
Brute-force
Self XSS
Missing best practices in SSL/TLS configuration
DOS and DDOS (Application and Network)
Social Engineering
Lack of SPF/DKIM/DMARC implementation
Missing secure flag in Cookie
Missing secure HTTP headers
Disclosure of server or software version numbers
Reports extracted from vulnerability scans
Password complexity
Username / email enumeration
Disclosure of JavaScript API keys (e.g. API key for map service)
CSRF and CORS misconfiguration with no security impact
Allowed domains
Lancerify.com
Lancerify.ir
api.Lancerify.com
How to Report a Bug
Step 1
Find any of the vulnerabilities stated above and compile a report that contains a sufficient proof of concept. For instance, in case of web-related problem, a report should contain:
1- HTTP requests/responses with impacted parameters
2- Screenshots or videos (if needed)
3- Browser info (type), OS, device, and app version
4- Description of the potential issue consequences
5- Recommendations on how to fix the issue (optional)
Step 2
Let us know about the bug before publicly sharing it anywhere – it will give us time to evaluate and fix the issue.
Step 3
Submit your vulnerability reports.
Step 4
Receive the award amount.
Vulnerability Disclosure
We expect all bug bounty program participants to respect the following responsible disclosure principles:
1- Provide us a reasonable amount of time to fix the issue before sharing it elsewhere.
2- Do not violate the other users’ privacy (do not interact with individual accounts), damage the platform data, or engage in fraudulent activity towards Lancerify or its users.
3- Use your own account for purposes that require account access.
4- If you unintentionally accessed private data (like access codes), delete it after notifying us first.
5- If you were able to access Lancerify funds due to a bug, you must return the entire amount to Lancerify.com .
Found a Bug? Report It
Let us know as soon as possible when you discover of a potential security issue, and we’ll do our best to patch it.
Send reports to: Parsfreelancer at gmail.com
The process of responding to emails will take between 2 and 5 business days.