At Rain, we recognize the value that security researchers provide to our community, and as such, we encourage the responsible disclosure of any legitimate vulnerabilities. Fair compensation will be provided for qualifying discoveries. We encourage researchers to report any findings to email@example.com.
What is a qualifying discovery?
A qualifying discovery should directly involve a security vulnerability relating to, but not limited to, the following: website, mobile applications, and other technological infrastructure. Rain will ultimately decide if a discovery is qualifying or not.
The discovery must be sent to firstname.lastname@example.org and:
- Include instructions to reproduce
- Include proof of concept
- Include BTC address for compensation
- Allow Rain at least 2 business days to respond
Some examples of discoveries that would not be eligible include:
- Findings related to third parties that do not relate to security of the Rain platform (e.g. support.rain.bh, Intercom chat app, etc)
- DDoS related attacks
- Issues that have previously been discovered by other researchers
- Failing to provide instructions to reproduce
- Abusing the discovery to negatively impact Rain, or its customers, in any way
What type of compensation is provided?
All qualifying discoveries will be compensated in BTC. The minimum valid reward is $100, with no maximum.
Rain is a cryptocurrency platform in the Middle East, headquartered in the Kingdom of Bahrain. We are licensed and regulated by the Central Bank of Bahrain (CBB). Rain enables you to buy, sell, and store bitcoin and other cryptocurrencies, in a regulated, secure, and compliant way.