join our

INDEPENDENT SECURITY RESEARCHERS TEAM

$1000

REWARD

+91 -
Get Download Link

ratings
bug bounty

Bug Bounty Program

At Hike, we’re building the Rush Gaming Universe (RGU) where players can battle it out in India’s most popular casual games and use their skills to Play, Compete, and Win.
We’re committed to the safety and security of our services and to the integrity of its data. Our ultimate goal is to ensure an incident-free experience.
We encourage independent security researchers to submit vulnerabilities via our responsible disclosure program. Individuals will be suitably rewarded for the same.

SCOPE

🎯
Public URLs
In our opinion, the most interesting areas to focus would be:
  • api.getrushapp.com (API Service)
  • wallet.getrushapp.com (Wallet Service)
  • payments.getrushapp.com (Payment Service)
  • Game server entry point
  • Run time gaming hacks and score manipulation across games on the platform
  • Horizontal or vertical privilege escalation
  • Data exfiltration
  • Influencing game payouts

RESPONSIBLE DISCLOSURE POLICY

👀
Hike will engage with you as independent security researchers when vulnerabilities are reported to us in accordance with the Responsible Disclosure Policy.

HOW TO REPORT a VULNERABILITY

📝
The identified vulnerability shall have to be reported to our security team by clicking on the Submit Report button or sending us a mail from your registered email address to security@hike.in with email containing below details with subject prefix with “Bug Bounty”. The mail should strictly follow the format below.
Report a Vulnerability
Subject:
Bug Bounty: <Vulnerability Category> - <Bounty Hunter Full Name>
Email body:
  • Vulnerability Information:
  • Name of Vulnerability: Vulnerability Category:
  • Description:
  • Vulnerable Instances:
  • Steps to Reproduce:
  • Proof of Concept: Impact:
Bounty Hunter details:
  • Full Name:
  • Email Address:
  • Mobile Number:
  • Any Publicly Identifiable profile:

REWARD

💰
Bounty: Our bounty payouts are directly tied to security impact and our general payout ranges from $100-$1000 depending on the severity of the bug.
Vulnerability Severity Bounty
Critical $1000
High $500
Medium $250
Low $100
The payout amount is decided by the Security team at Hike and the decision is final from the team. But, If we think that for a particular bug, a researcher went an extra mile, we might add a bonus to the existing payout.
Acknowledgement: By helping us continuously keep our platform secure, once the security vulnerability is verified and fixed as a result of the report, we would like to put your name on our Security Hall of Fame Provided, if you want a public acknowledgment.

️Response Targets

Our security research team makes its best effort to meet the following SLAs for researchers participating in our program.
First Response 0-1 Days
Time To Triage 1-3 Days
Time to Bounty 3-7 Days
Time To Resolution Depends on severity and complexity

THANK YOU FOR ALL THAT YOU DO

🏆
On behalf of over 2 Crore+ Rush users, we would like to express our heartfelt gratitude to all those listed in our Hall of Fame for their efforts in keeping the platform secure. We look forward to your continued participation in our Bug Bounty Program.
+91 -
Get Download Link

Bug Bounty Program

At Hike, we’re building the Rush Gaming Universe (RGU) where players can battle it out in India’s most popular casual games and use their skills to Play, Compete, and Win.

We’re committed to the safety and security of our services and to the integrity of its data. Our ultimate goal is to ensure an incident-free experience.

We encourage independent security researchers to submit vulnerabilities via our responsible disclosure program. Individuals will be suitably rewarded for the same.

SCOPE
🎯
Public URLs
In our opinion, the most interesting areas to focus would be:
  • api.getrushapp.com (API Service)
  • wallet.getrushapp.com (Wallet Service)
  • payments.getrushapp.com (Payment Service)
  • Game server entry point
  • Run time gaming hacks and score manipulation across games on the platform
  • Horizontal or vertical privilege escalation
  • Data exfiltration
  • Influencing game payouts
RESPONSIBLE DISCLOSURE
POLICY👀

Hike will engage with you as independent
security researchers when vulnerabilities are
reported to us in accordance with the
Responsible Disclosure Policy.

HOW TO REPORT A
VULNERABILITY📝
The identified vulnerability shall have to be reported to our security team by clicking on the Submit Report button or sending us a mail from your registered email address to security@hike.in with email containing below details with subject prefix with “Bug Bounty”. The mail should strictly follow the format below.
Report a Vulnerability
Subject:
Bug Bounty: <Vulnerability Category> - <Bounty Hunter Full Name>
Email body:
  • Vulnerability Information:
  • Name of Vulnerability:
  • Vulnerability Category:
  • Description:
  • Vulnerable Instances:
  • Steps to Reproduce:
  • Proof of Concept:
  • Impact:
  • Recommendation:
Bounty Hunter Details:
  • Full Name:
  • Email Address:
  • Mobile Number:
  • Any Publicly Identifiable profile:
REWARD💰

Bounty: Our bounty payouts are directly tied to
security impact and our general payout ranges
from $100-$1000 depending on the
severity of the bug.


Vulnerability
Severity
Bounty
Critical
$1000
High
$500
Medium
$250
Low
$100

The payout amount is decided by the Security
team at Hike and the decision is final from
the team. But, If we think that for a particular bug,
a researcher went an extra mile, we might add a
bonus to the existing payout.

Acknowledgement: By helping us continuously
keep our platform secure, once the security
vulnerability is verified and fixed as a result of the
report, we would like to put your name on our
Security Hall of Fame Provided, if you want a
public acknowledgment.

️Response Targets

Our security research team makes its best effort
to meet the following SLAs for researchers
participating in our program.

First Response
0-1 Days
Time To Triage
1-3 Days
Time to Bounty
3-7 Days
Time To Resolution
Depends on severity
and complexity
THANK YOU FOR ALL THAT YOU
DO🏆

On behalf of over 2 Crore+ Rush users, we would
like to express our heartfelt gratitude to all those
listed in our Hall of Fame for their efforts in
keeping the platform secure. We look forward to
your continued participation in our Bug Bounty
Program.