Bug Bounty

We are taking utmost care of users’ funds and data security. In order for the community to help us maintain the highest standard of security, we’ve created a Bug Bounty Programme. Under this Programme, we kindly ask our community members to help us find vulnerabilities and report them to us.

If a vulnerability is found, please report the vulnerability by sending us an email to bugbounty@changeinvest.com, describing in detail the essence of the bug and an attack scenario. After having received the email one of our team members will assess the scope of the vulnerability and the report, and if appropriate will contact you whether you have been qualified to receive a reward and to which extent. The rewards will be paid in CAG tokens.

Rewards are paid out in the following ways based on the scope of the vulnerability:

  • High risk: up to 10 000 CAG
  • Medium risk: up to 5 000 CAG
  • Low risk: up to 1 000 CAG

Assessing the risk level of a vulnerability or a risk report, and assessing whether it is appropriate to pay out the reward and to which extent are in the full discretion of the Change Team.