🐛Kalshi Website Bug Bounty Program

Purpose

The purpose of this Bug Bounty Program is to encourage the responsible disclosure of security vulnerabilities in the Kalshi platform. By engaging with the global community of security researchers, we aim to identify and address potential risks, enhancing the overall security and resilience of our platform.

Scope

This bug bounty program covers all web and mobile applications, APIs, and any other digital assets owned and operated by Kalshi. Participants are encouraged to focus on identifying and reporting security vulnerabilities within the scope.

Eligibility

  1. The bug bounty program is open to anyone who wishes to participate, excluding employees and contractors of Kalshi.

  2. Participants must adhere to the rules outlined in this policy to be eligible for rewards.

  3. Responsible Disclosure

    1. Bug bounty hunters must responsibly disclose any identified vulnerabilities promptly and exclusively to Kalshi.

    2. Participants should avoid unauthorized access to, or manipulation of, sensitive data, and should not disclose the vulnerability publicly until it has been resolved.

Reporting

  1. Reports should be submitted via the designated bug bounty submission form, email address or other approved channels.

  2. Provide a detailed description of the identified vulnerability, including steps to reproduce and any supporting evidence.

  3. Include contact information for proper communication and reward distribution.

Vulnerability Assessment

  1. Kalshi will promptly assess the reported vulnerability.

  2. The assessment will consider the severity, exploitability, and potential impact on the platform.

Rewards

  1. Rewards will be provided based on the severity and impact of the reported vulnerability.

  2. The reward structure will be determined by Kalshi and may include monetary compensation, recognition, or other non-monetary incentives.

  3. Bug bounty hunters may be recognized publicly for their contributions with their consent.

  4. Kalshi reserves the right to publicly acknowledge and thank participants for their efforts.

Non-Disclosure

  1. Participants must keep all information related to identified vulnerabilities confidential until Kalshi publicly discloses the resolution.

  2. Kalshi employees must keep confidential information from the participants during communications.

  3. Kalshi commits to handling all bug reports with the utmost confidentiality.

Program Modifications

  1. Kalshi reserves the right to modify or terminate the bug bounty program at any time in its sole discretion.

  2. Changes to the program will be communicated to participants through the designated communication channels.

  1. Kalshi commits to not pursue legal action against individuals who report vulnerabilities in accordance with this bug bounty program.

  2. Participants must comply with all applicable laws and regulations during their engagement.

  3. Contact Information

For bug submissions, inquiries, or additional information, please contact support@kalshi.com.

Have questions or need help? Send us a message here: support@kalshi.com

Last updated