The DODO team has opened a vulnerability feedback reward campaign, and you are very welcome to report vulnerabilities.
We will assess the severity of vulnerabilities based on CVSS, with rewards corresponding to different severity levels.
Very High (9.0-10) up to $100,000
High (7.0-8.9) up to $10,000
Medium (4.0-6.9) up to $5,000
Low (0.1-3.9) up to $1,000
In addition to differentiating rewards based on severity, we also offer different rewards based on the impact of the vulnerability and the difficulty of discovery.
Any bugs or vulnerabilities should be reported to the DODO team at [email protected], which is the only channel. Bounty hunters should not disclose to other individuals or groups until they have contacted DODO. Also, please be sure to inform the DODO team as soon as possible after discovering a vulnerability and include as much detail as possible about the vulnerability in your email, including ：
Conditions for reproducing the vulnerability
Steps to reproduce the vulnerability
The potential danger of the vulnerability
A detailed vulnerability report will increase the likelihood and amount of a reward.
For users who provide a valid vulnerability report and keep it confidential, we will make a public acknowledgement with your consent.