Report a Vulnerability
Please provide as much detail as possible along with your contact information so that we can properly assess the situation and follow up with any additional questions. We thank you for your participation — as well as your discretion — in reporting. Please do not share any unresolved vulnerability with any third parties.
mail: [email protected]
Bounty Program
Reward
| Severity | Payout |
|---|---|
| Critical | $500 |
| High | $300 |
| Medium | $200 |
| Low | $100 |
| Communication | SLA |
|---|---|
| Initial Communication | Upon receipt of new report |
| Triage | 2–5 business days from receipt of new report |
| Bounty Payout | 7–10 business days from Triage |
| Response to Researcher questions | 2–5 days from posted question |
Eligibility
Track3D reserves the right to decide the weakness and severity of a report and whether the vulnerability was previously reported. Rewards are granted entirely at the discretion of Track3D.
To qualify for a reward under this program, you should:
- Be the first to report a vulnerability.
- Send a clear textual description of the report along with steps to reproduce the vulnerability.
- Include attachments such as screenshots or proof of concept code as necessary.
- Disclose the vulnerability report directly and exclusively to us.
Additionally not every report may be eligible. The systems in scope are:
- app.track3d.ai
- api.track3d.ai
In particular, Track3D is looking for:
- Unauthorized access to data including vulnerabilities in the authentication systems.
- Credit or Account escalation.
although others reports will be considered.
Payments
Track3D supports the following payment methods:
- Bank Transfer: The bounty amount is credited to your bank account.
**any international fees will be at the cost of the reporter