# Bug Bounty

**We highly value your participation in our bug bounty program, as it plays a vital role in strengthening our security measures. Your dedication to identifying and addressing potential vulnerabilities in our systems is greatly appreciated.**

**Outlined below are the scope and guidelines for our bug bounty program, which cover our mobile application, browser extension and web services.**

## Assets

**Our assets are divided into two categories: Ghost client-side applications and Ghost infrastructure and services.**

* **Ghostfive.com**
* **Ghostfive.dev**
* **Any asset confirmed to be owned by Ghost**

## Primary Focus

**The following vulnerability types are of particular interest to our security team:**

* **Vulnerabilities with the potential to steal user funds**
* **Vulnerabilities associated with the leakage of confidential information**
* **Access to Ghost pipelines, processes or build environments**

## Rewards

### Critical ($12,500 → $20,000)

**Examples - Wallet**

* **XSS (within the context of the Wallet)**
* **Origin Spoofing (affecting transaction simulation)**

**Examples - Server-Side**

* **Remote Code Execution (within Ghost infrastructure)**
* **SQL Injection (with access to PII)**

### High ($5,000 → $12,500)

**Examples - Wallet**

* **PII/Sensitive Data Leakage to Third Parties**

**Examples - Server-Side**

* **SQL Injection (no PII access - only public data and no escalation path)**

### Medium ($1,500 → $5,000)

**Examples - Wallet**

* **From**

**Examples - Server-Side**

* **Reflected XSS**
* **Low-Impact IDORs**

### Low ($50 → $1,500)

**Examples - Wallet**

* **User interface issues that impact security, such as mislabeled security or privacy features**

**Examples - Server-Side**

* **Hosting malicious JavaScript on a non-essential subdomain (e.g., via XSS or subdomain takeover)**

## Exceptional Circumstances

**Ghost is offering a $50,000 bounty for vulnerabilities that demonstrate:**

* **Remote extraction of a user's private key without user interaction, or**
* **Ability to inject malicious code into the build process without being detected**

**Note: The final determination of whether a vulnerability meets the exceptional criteria is at the sole discretion of the Ghost security team.**
