To qualify for a bounty, you must:
- Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity of user data, circumvent the privacy protections of user data, or enable access to a system within our infrastructure or the CS:GO Blackjack accounts, such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Broken Authentication
- Circumvention of our Platform/Privacy permission models
- Remote Code Execution
- Privilege Escalation
- Provisioning Errors
- Any other error at server-level
- Make every effort to use a test account instead of a real account when investigating bugs. When you are unable to reproduce a bug with a test account, it is acceptable to use a real account, except for automated testing.
- Not interact with other accounts without the consent of their owners.