Avail bug bounty program

Avail's priority is to keep our members’ data safe, and we recognize that no technology is perfect. We believe that working with talented security researchers is critical to identifying weaknesses and vulnerabilities in our systems.

Targets

Targets are accessible by the public internet. Our dev environment is open to the world at https://dev.availcarsharing.com and is the preferred testing location.

If you test on https://availcarsharing.com, you are targeting our production environment. Please do not run tests that compromise the integrity or stability of this environment.

Out of scope

  • Social engineering or other non-technical vulnerabilities
  • DoS attacks
  • Brute Force attacks

Ratings/Rewards

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher along with the opportunity to appeal and make a case for a higher priority.

P1: $250
P2: $150
P3: $100 
P4: $50

Reporting

Rewards require that the Avail security team can verify and reproduce the described issue. Reproduction steps need to be clear and can include screenshots, videos, scripts, etc. 

**DO NOT** use the output from automated scanners and tools as the entire vulnerability report.

Please send your findings to bugbounty@availcarsharing.com.