If you think you've found a security issue in Scroll, contact us at [email protected]. Please make sure the issue is in Scroll itself and not one of our partner sites, and do not publicly disclose the issue.
We will award $200 for bugs related to the security of the data of our users and partners, and we may pay more at our discretion for more severe bugs. For security reports that do not directly relate to privacy vulnerabilities, we may still award an amount of our choosing if your report causes us to take action.
We ask that you use common sense in your reports, in particular reports of DOS, spam, or social engineering vulnerabilities will not be rewarded, nor will reports of parts of Scroll that are working as intended.
A few other notes
- We will only reward the first person to responsibly disclose a bug to us.
- Any bugs that are publicly disclosed will not be rewarded.
- Whether to reward the disclosure of a bug and the amount of the reward is entirely at our discretion, and we may cancel the program at any time.
- Your testing must not violate any laws.
- We can't provide you a reward if it would be illegal for us to do so.
You are free to send any reports, but as guidance we are unlikely to award any reports that start from comrpomising a user's email or a user's computer.