Bug Bounty Program

Help us keep TronRental.com secure. Report vulnerabilities and earn rewards paid in TRX.

Scope

In Scope

  • TronRental.com API and web application
  • Authentication and authorization flows
  • Payment and blockchain interactions
  • User data protection and privacy

Out of Scope

  • Denial of Service (DoS/DDoS) attacks
  • Social engineering and phishing
  • Third-party services and dependencies

Rewards

  • Critical ($500 – $2,000): RCE, SQL injection, access to private keys, theft of funds
  • High ($200 – $500): Authentication bypass, IDOR, privilege escalation
  • Medium ($50 – $200): Stored XSS, rate limit bypass, sensitive data exposure
  • Low (Hall of Fame): Reflected XSS, missing security headers, minor information leak

Rewards are paid in TRX at the exchange rate at the time of payment.

Rules

  • Follow responsible disclosure — do not publicly disclose vulnerabilities before they are fixed.
  • Only the first reporter of a vulnerability is eligible for a reward.
  • Proof of Concept (PoC) is required for all submissions.
  • Severity is determined by our security team based on impact and exploitability.
  • Do not access, modify, or delete other users' data during testing.
  • Public disclosure is allowed 14–30 days after the fix is deployed.

Process

  1. Report: Send vulnerability details to [email protected]
  2. Verify: Our team reviews and confirms the issue
  3. Fix: We develop and deploy the fix
  4. Reward: You receive a TRX reward based on severity

Contact

Send your security reports to:

Found a Vulnerability?

Report it responsibly and earn a reward in TRX.
