Bug Bounty

Fuze endeavours to create safe and resilient infrastructure. To that end, we invite all security researchers to test Fuze's public infrastructure for vulnerabilities or exploitation techniques. Please write to security@fuze.finance in case you find a vulnerability that merits our attention.

We offer bug bounties of up to $1000 - depending on the severity and scale of the vulnerability. The exact criteria of the bounty will be communicated to you via email.

Guidelines:

  • Responsible Disclosure: We request that security researchers follow responsible disclosure practices and refrain from publicizing any details of the vulnerability until we have had sufficient time to address the issue.
  • Legal and Ethical Behavior: Engage in testing and reporting activities that adhere to all relevant laws and regulations. Do not engage in any malicious actions, unauthorized access, or activities that may harm our systems or users.

Exclusions:

The following activities are not eligible for the bug bounty program:

  • Social engineering attacks
  • Physical attacks against our facilities or data centers
  • Denial of service attacks
  • Vulnerabilities that are not reproducible

Resolution Timeline:

Our team is committed to acknowledging receipt of your report within 48 hours and providing regular updates on the status of the investigation. We strive to resolve critical vulnerabilities within 15 days and other vulnerabilities within a reasonable timeframe based on complexity.