Security Exploit Bounty Program

At Challengermode, the security of users' data is of utmost importance. That's why we welcome help from the outside through our bounty program to put our security to the test. If you believe you have found a security vulnerability on Challengermode, we encourage you to let us know right away.

Responsible Research and Disclosure guidelines

  • Do not disturb the service. Avoid scanning techniques that are likely to cause degradation of service to others.
  • Only test your own data. Access or expose only customer data that is your own.
  • Keep within the guidelines of our Terms of Service.
  • If you gain access to our internal systems, stop testing and report it immediately.
  • Collect only the information necessary to demonstrate the vulnerability. Securely delete any Challengermode information that may have been downloaded, cached, or otherwise stored on the systems used to perform the research.
  • Do not publish any information regarding the vulnerability until Challengermode has fixed it.

In order to be eligible for a bounty, your submission must be accepted as valid by Challengermode. We use the following guidelines to determine the validity of reports and the reward compensation offered.

Reproducibility

Our engineers must be able to reproduce the security flaw from your report. Reports that are too vague or unclear are not eligible for a reward. Reports that include clearly written explanations and working code are more likely to garner rewards.

Severity

More severe bugs will be met with greater rewards.

Examples of Qualifying Vulnerabilities

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Server-side code execution
  • Authentication or authorization flaws
  • Mixed-content scripts

Examples of Non-Qualifying Vulnerabilities

  • Denial of Service (DoS) and spam vulnerabilities
  • Security issues in third-party websites that integrate with Challengermode
  • Social engineering
  • Failures to adhere to "best practices" (for example, common HTTP headers, link expiration, email-validation or password policy)
  • Latencies in distributed eventual consistency processes

Rewards

Our reward system is flexible and doesn't have any strict upper or lower limits. The amount will depend exclusively on the severity of the vulnerability. The reward will be sent using PayPal (or to your Challengermode account) once the vulnerability has been fixed. These services collect a fee for processing the transaction, which gets deducted from the amount awarded. This is a discretionary program and Challengermode reserves the right to cancel it; the decision whether or not to pay a reward is at our discretion.

Reporting

Please email us at security@challengermode.com with any vulnerability reports or questions about the program.