❓FAQ

Each tournament on the platform has its own reward fund, for example, $50,000.00. At the end of the tournament, this fund is distributed among the valid vulnerabilities reported to reward the researchers. The specific distribution process is documented in detail on the Reward Model page.

When creating a competition, Bypassec performs a calculation to define a minimum value that the company must deposit into the reward fund. This calculation takes into account the complexity of the scope, size, and duration of the tournament. However, host companies may choose to provide more rewards than the minimum value to attract more researchers.

Each competition will have its own defined testing policy and scope. The classification of vulnerabilities is specified in the Reward Model section.

All payments are made via paypal. For this reason, Bypassec requires researchers to have all their information properly filled out in the payment section of their account. Payments are processed simultaneously on a set date, no later than 10 business days after the end of the competition.

Yes, duplicate vulnerabilities are also paid. Our platform and reward model allow us to offer this flexibility without compromising the researchers' earnings.

All reports are validated by Bypassec before being passed on to the competitions's host company.