Our March challenge is here!!

This challenge is a little different than the usual ones, it’s an attempt at something more real world. If you’ve never taken part in a bug bounty program before then this is a great opportunity to start!

We’ve launched a bug bounty program for the website http://warped.io/.

Bugs can be submitted through this google form – https://goo.gl/3F2eFv.


Vulnerability Discloure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.


In Scope

  • *.warped.io (excluding dev.warped.io)


Out of Scope

  • dev.warped.io



  • Any accounts created on Warped.io for the purposes of this program should have “bounty_” at the beginning of their username
  • IP addresses used during testing our site should be submitted in any bug reports
  • While researching, we’d like to ask you to refrain from:
    • Denial of service
    • Spamming
    • Social engineering (including phishing) of Warped.io staff or contractors
    • Any physical attempts against Warped.io property or data centers


Data Collection

Anonymised behavioural data will be collected during your use of this site in accordance with our terms and conditions. This is to improve user experience and also to better understand how an adversary may seek to exploit our service. For more information see http://warped.io/terms.php. By partaking in this program you agree to the terms and conditions set out by Warped.io.
Thank you for helping keep Warped.io and our users safe!