Bug Bounty Terms

For Rewards and Payouts, please see Bug Bounty

Bug Bounty Program Terms and Conditions

Last Updated: August 2023

Participating in the Premia Bug Bounty Program is contingent upon your adherence to the Terms of Use outlined by the Premia Protocol. These Bug Bounty Program Terms and Conditions (referred to as "Bug Bounty Terms") govern the identification and reporting of vulnerabilities by you to the Premia Protocol ("Premia" or "Protocol") in alignment with these Bug Bounty Terms. In case of any conflict between these Bug Bounty Terms and the Premia Protocol's Terms of Use or any previous Premia Protocol programs, these Bug Bounty Terms will take precedence in such instances. Kindly read these Bug Bounty Terms thoroughly before engaging in the Bug Bounty Program. By participating in this program, you acknowledge and accept these Bug Bounty Terms. Your participation in the Bug Bounty Program is also subject to the Premia Protocol's Terms of Use and Privacy Policy.

1. Eligibility

To qualify for participation in the Bug Bounty Program, you must:

• Be of legal age in your jurisdiction and possess the legal capacity to accept and adhere to these Bug Bounty Terms if participating as an individual.

• Have the legal authority to accept these Bug Bounty Terms on behalf of an entity if participating as such.

• Be the first individual to report a vulnerability to Premia following the guidelines in these Bug Bounty Terms.

• Provide comprehensive information for reproducing and addressing the vulnerability.

• Avoid any unlawful activities when identifying, reporting, or disclosing vulnerabilities to Premia, refraining from threats or coercive tactics.

• Not exploit or attempt to exploit the vulnerability in any manner, including public disclosure or seeking profit, other than Bug Bounty Program compensation.

• Make reasonable efforts to prevent privacy violations, data destruction, service interruption, or degradation during vulnerability testing.

• Submit one vulnerability per report unless combining vulnerabilities is necessary for clarity.

• Not submit vulnerabilities related to an issue already compensated under the Bug Bounty Program.

• Refrain from requesting payment for vulnerability details or disputing the Bug Bounty Program's applicability.

• Not be a current or former employee, vendor, contractor, or agent of Premia within the past 6 months.

Premia retains the right to limit or refuse your Bug Bounty Program eligibility at its sole discretion, including cases where participation breaches any Applicable Law. If any violations of these Bug Bounty Terms or the Premia Protocol's Terms of Use are identified, Premia may take measures such as limiting your access to the Services, withholding, amending, or canceling Bug Bounty Program benefits, or seeking the return of any payment made to you.

2. Scope of Vulnerabilities

The following types of vulnerabilities are excluded from Bug Bounty Program compensation:

• Vulnerabilities already known to Premia.

• Vulnerabilities affecting third-party hosted sites unless they lead to a vulnerability on the Premia Protocol's site.

• Vulnerabilities dependent on physical attacks, social engineering, spamming, DDOS attacks, and similar exploits.

• Vulnerabilities impacting outdated or unpatched browsers.

• Vulnerabilities in third-party applications using the Premia Protocol's API.

• Vulnerabilities publicly disclosed in third-party libraries or technology used by the Premia Protocol.

• Vulnerabilities requiring unlikely levels of user interaction.

• Vulnerabilities necessitating mobile device rooting or jailbreaking.

• Missing security headers without proof of exploitability.

• Suggestions for best practices.

• Disclosure of software versions.

• Front-end bugs.

• DDOS attacks.

• Spamming.

• Phishing.

• Automated tools (e.g., GitHub actions, AWS).

• Compromising or misusing third-party systems or services.

Premia holds the right to determine a vulnerability's eligibility for Bug Bounty Program compensation at its sole discretion.

3. Disclosure and Reporting Requirements

Report vulnerabilities exclusively to [email protected], complying with the remaining requirements in this Bug Bounty Program. Do not publicly or privately disclose vulnerabilities until Premia has been notified, resolved the issue, and granted permission for disclosure. Notify Premia within 24 hours of discovering the vulnerability. If similar vulnerabilities are reported within this 24-hour period, compensation may be divided or given to the first reporter, as determined by Premia.

A detailed vulnerability report increases the likelihood and potential amount of compensation. Include:

• Conditions for reproducing the vulnerability.

• Steps to replicate the vulnerability or, preferably, a proof of concept.

• Potential implications of exploiting the vulnerability.

4. Compensation

You will receive compensation based on the reported vulnerability's type and severity according to Bug Bounty. The categorization and compensation amount will be determined at Premia's sole discretion.

5. Bug Bounty Program Administration

Premia retains the right to manage the Bug Bounty Program at its discretion. Premia reserves the right to modify, suspend, or terminate the Bug Bounty Program at any time, with or without notice. Compensation and benefits may also be amended or canceled if any violations of these Bug Bounty Terms or the Premia Protocol's Terms of Use are identified.

Administration decisions are solely Premia's, guided by the Applicable Law (as defined in the Terms of Use). Any eligibility-related inquiries will be resolved at Premia's discretion, and its decisions are final. Exceptions, such as awards made outside these terms, do not waive these Bug Bounty Terms.

6. Privacy

By participating in the Bug Bounty Program, you acknowledge that your personal information will be handled according to the Privacy Policy. You grant Premia the right to use your name, country of residence, email address, and provided information for administering and promoting the Bug Bounty Program. Premia may disclose your information to third-party agents and service providers for these purposes.

7. Release and Publicity

By participating in the Bug Bounty Program, you release and hold harmless Premia and its affiliates from claims arising from participation or determinations about your eligibility or compensation. Premia is not liable for injuries, losses, or damages resulting from your participation or benefits received under the Bug Bounty Program.

8. Taxes

You are responsible for all income tax liabilities related to benefits or compensation received. Premia may withhold applicable taxes as required by Applicable Law. You agree to report your received benefits or payments to relevant authorities and complete necessary tax forms.

9. General

Sections 1 through 17 of the Premia Protocol's Terms of Use are incorporated here. You are subject to those provisions as they apply to these Bug Bounty Terms. Premia reserves the right to revise these Bug Bounty Terms and publish amended versions. Your continued participation constitutes acceptance of amendments. Premia may amend or terminate the Bug Bounty Program at its discretion.