Log in Get Started
Limited-Time Program

Bug Bounty Program

Help us build a rock-solid product. Find bugs, get rewarded with up to 1 year of Pro subscription for free.

12 months max reward
4 severity levels
June program ends

01 Why this program?

Early Launch

StacksFinder just launched. We're a solo-dev project with limited resources for extensive QA.

Community First

Our users are our best testers. Help us find issues before they impact others.

Fair Rewards

Instead of cash, we offer Pro subscription time. It's a win-win for everyone.

02 Reward Tiers

Rewards are based on bug severity. We determine the final severity level.

Critical
12 months Pro
  • Authentication bypass
  • Data breach/leak
  • Payment manipulation
  • Remote code execution
High
6 months Pro
  • Blueprint data loss
  • API authentication flaws
  • Privilege escalation
  • Scoring manipulation
Medium
3 months Pro
  • Incorrect score calculations
  • Session handling issues
  • Rate limiting bypass
  • Information disclosure
Low
1 month Pro
  • UI/UX bugs
  • Minor visual glitches
  • Typos in content
  • Non-critical errors
Feature suggestions are welcome but not rewarded with subscription time. They may earn you a shoutout in our changelog.

03 How to Report

1

Join Discord

Head to our Discord server and find the #bug-reports channel.

2

Describe the Bug

Include steps to reproduce, expected vs actual behavior, and screenshots if possible.

3

Wait for Review

We'll review, confirm the bug, and assign a severity level.

4

Get Rewarded

Once fixed, you'll receive an email with your reward confirmation.

Join our Discord

04 Eligibility

Who can participate

  • Anyone can report bugs via Discord
  • Paying subscribers (Pro, Early Adopter, Team) can claim rewards
  • The reporting email must match your StacksFinder account

Out of Scope

  • DoS/DDoS attacks
  • Social engineering / phishing
  • Physical security issues
  • Third-party services (Paddle, Discord)
  • Issues in outdated browsers
  • Self-XSS (only affects your own session)

05 Program Rules

1 One bug = one report. Duplicates will be rejected.
2 First reporter gets the reward. Timestamp from Discord message.
3 Security bugs require responsible disclosure (do not share publicly).
4 You must be logged in with a paying account to claim rewards.
5 Rewards are applied as Pro subscription extensions.
6 We reserve the right to determine severity level.
7 Self-inflicted bugs (e.g., deleting your own data) do not qualify.
8 Bugs in third-party services (Paddle, Discord) are out of scope.

Ready to hunt some bugs?

Join our Discord, report bugs, and help us build a better product. Every bug you find makes StacksFinder stronger for everyone.

Join Discord View Pricing

Program ends June 30, 2026