Bug Bounty Campaign


In order to promote the healthy growth of Credits, improve our user experience and promote asset safety, Credits is launching a new bug fixing campaign.

By starting this event, we are hoping a large number of professionals in the field of security research will take part in creating the best product on the market - Credits, as well as protect the security of the assets and transactions of Credits’ users with us.

The following situations are outside the scope of Credits’ Bug Bounty campaign:

  • Bugs in any third party projects or platforms interacting with Credits.

  • Bugs that have already been reported or discovered.

  • Errors caused by: DDOS attacks, automated tools, corruption or misuse of third party systems or services.

The reward plan

The severity of reported bugs will be calculated using a common vulnerability scoring system:

Critical (9.0-10.0)
High (7.0-8.9)
Medium (4.0-6.9)
Low (0.1-3.9)

In addition to their severity, bounties will also be calculated based on impact of those errors and the level of difficulty of their detection.

Review and Reward Schedule

Current pre-validated bug reports will be responded to by email within 15 days;

For previously confirmed bug reports provided by experts, we will determine the vulnerability rating and offer an appropriate reward within 15 days of email being answered;

All rewards will be issued in the form of CS tokens or USDC / USDT according to the request of the recipient.

How to submit a report

Any bugs or defects found should only be reported to the following email address: vdv@credits.com

Until they are reported to the above email address, disclosure to any other person or organization is not permitted.

Please include as much information about the error as you can, including but not limited to:

  • The specific conditions that would cause the error to reoccur.

  • Steps required to reproduce the error.

  • Potential consequences if the bug is exploited.

  • Detailed reporting and error analysis will not only increase the chance of earning rewards, but will also increase the chance of earning higher rewards.

Terms and Conditions

To receive a reward, you must:

  • Discover a heretofore never previously reported or  published error or errors that could result in the possible loss or blocking of assets.

  • Errors should be reported only Credits, first.

  • Provide sufficient details so that our engineers can correct errors.

  • Do not engage in any illegal activities (such as blackmail, threats, etc.) when reporting bugs to Credits.

  • Do Not use the bugs in any way, including public disclosure or for profit (other than to earn rewards from this Campaign).

  • Act in good faith and not invade privacy, damage data, or interrupt or degrade Credits’ service.

  • Only one bug should be reported at a time, unless you need to link the bug to other bugs to show their relationship.

  • Bugs caused by the same (potential) issues already submitted in this campaign will not be accepted.

  • Participants must not be current or former employees or suppliers, or employees of any of these suppliers.

  • You must meet all the qualification requirements of the Campaign.


All award decisions, including eligibility, award amount, and payment method, are at the sole discretion of Credits’ team.

The terms and conditions of this Campaign may change over time in accordance with the current situation.