Pantera Bug Bounty Program
Welcome to Pantera’s Bug Bounty Program. We appreciate your dedication to helping us improve our security and protect our users.
Scope
Our bug bounty program includes vulnerabilities in the following areas:
- Web applications
- Network infrastructure
Out of Scope
The following are explicitly out of scope for this program:
- Vulnerabilities in third-party services or applications
- Social engineering attacks
- Physical security vulnerabilities
- Issues related to outdated browsers or unsupported software
Rewards
We value your contributions and offer rewards based on the severity of verified vulnerabilities:
- Low Severity: $250
- Medium Severity: $500
- High Severity: $1,000
- Critical Severity: $5,000
Important Notes
- The final severity assessment and reward amount, if applicable, are determined by Pantera in its sole absolute discretion.
- Only the first reporter of a vulnerability will be eligible for a reward.
Submission Guidelines
To submit a vulnerability report, please provide the following information via email to security@panteracapital.com:
- A clear, detailed description of the vulnerability;
- Steps to reliably reproduce the issue;
- The potential impact of the vulnerability; and
- Proof of concept or relevant supporting evidence.
Program Rules
To ensure the integrity of our bug bounty program, participants must adhere to the following rules:
- Compliance: Participants must comply with all applicable laws, including local, state, national, and international regulations.
- Responsible Disclosure: You must not exploit any discovered vulnerability, attempt to access user data, disrupt our services, or damage our systems.
- Good Faith Testing: Conduct all testing in good faith, ensuring minimal impact on our users and services.
- Confidentiality: Do not disclose any details of the vulnerability to the public or third parties without prior written consent from Pantera.
Legal Terms
By participating in this program, you agree to the following:
- Eligibility: You affirm that you are legally authorized to participate in this program and that your activities are lawful in your jurisdiction.
- Ownership: All information regarding vulnerabilities submitted to Pantera becomes the property of Pantera. You waive any claims to intellectual property rights over the reported vulnerabilities.
- Modifications: Pantera reserves the right to modify the terms, scope, or rewards of the bug bounty program or terminate it at any time without prior notice.
- No Employment Relationship: Participation in this program does not create any form of employment or contractual relationship with Pantera.
- Limitation of Liability: Pantera is not liable for any damages, direct or indirect, arising from participation in this program, including but not limited to:
  - Loss of data, business, or profits.
  - Damage to your systems, devices, or applications.
- No Guarantee of Reward: Submission of a report does not guarantee a reward. Rewards are issued solely at Pantera’s discretion based on the validity and severity of the reported vulnerability.
- Age and Capacity Requirements: You must be at least 18 years old or the age of majority in your jurisdiction, whichever is greater, to participate.
- Exclusions for Restricted Individuals or Entities: Participation is prohibited for individuals or entities:
  - Residing in countries subject to U.S. trade restrictions, sanctions, or embargoes.
  - Listed on U.S. government restricted parties lists.
- Non-Disclosure Agreement (NDA): You may be required to sign an NDA before receiving rewards for critical vulnerabilities or as otherwise requested by Pantera.
- Exclusion of Automated or Bulk Testing Tools: Automated vulnerability scanners or bulk testing tools are not permitted unless expressly authorized in writing by Pantera.
- No Third-Party Claims: By submitting a report, you confirm that all information provided is your original work and does not infringe on any third party’s rights. You indemnify Pantera against any claims from third parties arising out of your submission.
- No Retroactive Rewards: Vulnerabilities discovered or reported before the launch of this program or outside of its defined scope are ineligible for rewards.
- Conflict of Interest: Employees, contractors, or affiliates of Pantera, as well as their immediate family members, are not eligible to participate in the program or receive rewards.
- Taxes: You are responsible for reporting and paying any taxes associated with rewards in your jurisdiction. Pantera may withhold taxes where required by law.
- Governing Law and Jurisdiction: This program and its terms are governed by the laws of Delaware. Any disputes arising from this program will be resolved exclusively in the courts located in Delaware.
Exclusions
This program does not authorize participants to:
- Test against any third-party services or applications integrated with our systems.
- Perform denial-of-service attacks or introduce malware.