Cloudbet Bug Bounty Program

Introduction

www.cloudbet.com is owned and operated by Halcyon Super Holdings BV (hereinafter, “Cloudbet”, “we” or “us”). Cloudbet is a leading online crypto entertainment platform, committed to uphold the highest standards of integrity and safety for our gaming experience. As part of our commitment to security and privacy, we are launching a Bug Bounty Program to encourage researchers and security enthusiasts to identify and report vulnerabilities in our platform.

Rewards and Prioritisation

  • Bug bounties will be paid in USDT, and all submissions will be classified based on priority.

  • Rewards will be issued at our sole discretion, with no strict minimum or maximum limit. However, we anticipate paying significantly more (US$10,000 or more) for particularly serious issues.

  • To qualify for a reward, you must be the first person to alert us of a previously unknown issue that leads to a code or configuration change.

Vulnerability Tiers

  • The reward for eligible vulnerabilities will range depending on the impact and severity of the bugs reported as determined by our security team.

  • Vulnerability Tiers in increasing order of priority and rewards are Informative, Low, Medium, High and Critical.

  • Lower tiers refer to low impact issues such as technical misconfigurations while higher tiers would include critical issues such as smart contract bugs, wallet private key leaks etc. which could cause significant business disruption or financial loss.

Scope

In-scope

  • Cloudbet.com website and associated services.

  • Cloudbet APIs, blockchain and infrastructure vulnerabilities.

  • Vulnerabilities in smart contracts related to Cloudbet.

Out-of-scope

The following findings are specifically excluded from the Bug Bounty Program and we ask you to refrain from attempting to report or perform these actions:

  • Any physical attempts to access Cloudbet properties.

  • Use of social engineering (e.g. phishing) to obtain private information.

  • Denial of Service (DoS/DDoS).

  • Vulnerabilities in third party services linked to Cloudbet.

  • Minor technical misconfiguration or issues on non-sensitive pages.

  • Any actions of a similar nature to the foregoing, non-exhaustive list.

Submitting Your Report

In your submission, include:

  • Detailed steps to reproduce the vulnerability.

  • Verifiable evidence the vulnerability exists, such as a screenshot, video, or script, including URLs used to uncover the vulnerability. Please send this evidence as email attachments and not through publicly accessible third party services.

  • Please submit your report to [email protected]. We aim to respond to reports with medium and higher priority within 7 business days. For reports with low priority or those primarily for informational purposes, we will respond within 30 days. All reports are valued, but spam reports will be discarded. Please refer to our reporting guidelines for valid submissions. We strive to update you on the progress of all reports, even if an immediate resolution is not available. Please refrain from sending emails asking for updates on already acknowledged bug reports, as this does not speed up the resolution process.

Safe Harbour

To encourage security research and to avoid any confusion between good faith hacking and malicious attacks, we ask that you adhere to the following guidelines:

  • Do not use vulnerabilities to access, modify, harm, or otherwise alter data that does not belong to you.

  • Do not exploit vulnerabilities except for purposes of demonstrating it to us.

  • Do not conduct network-level Denial of Service (DoS/DDoS) attacks against our systems

  • Do not target our employees and customers.

  • Do not report vulnerabilities with any conditions, demands or ransom threats.

If you follow these guidelines, we commit that we:

  • Will not bring legal action against you or report you for good faith security research, including for bypassing technological measures we use to protect the applications in scope; and,

  • Will advocate for you if a third party initiates legal action against you in relation to your good faith security research.

You should contact us for clarification before engaging in conduct that you think may be inconsistent with good faith security research or unaddressed by our policy.

Keep in mind that we are not able to authorise security research on third-party infrastructure, and a third party is not bound by this safe harbour statement.

Compliance

  • You must at all times act in good faith and in compliance with all applicable laws and regulations, including those in your local jurisdiction where the security research is conducted.

  • You must comply with all relevant licensing, insurance, privacy, or other regulatory requirements, and you are solely responsible for all compensation, licensing, regulatory fees or dues, insurance, or any other related costs and legal duties required of you as a security researcher receiving rewards as part of our Bug Bounty Program.

Changes to Cloudbet Bug Bounty Program

  • Cloudbet reserves the right to change any and all details of the Bug Bounty Program you see in this document at any time without prior notice. Such revisions and additions shall be effective immediately.

  • You are responsible for reviewing this document periodically for any modification to the Bug Bounty Program that may affect your rights or obligations.

Miscellaneous

  • Your participation in the Bug Bounty Program shall not be deemed or construed to create any partnership, joint venture or agency relationship between you and Cloudbet.

  • To the maximum extent permitted by law, in no event will Cloudbet be liable for any direct, special, incidental, exemplary, punitive or consequential damages (including loss of use, data, business or profits) arising out of or in connection with your participation in the Bug Bounty Program, whether such liability arises from any claim based upon contract, warranty, tort (including negligence), strict liability or otherwise, and whether or not Cloudbet has been advised of the possibility of such loss or damage.