Bug / Exploit Bounty Program - Get your reward!

Ingame Bounty Program

Hey friends!

There are many exploits in the game that sometimes make it quite unfair to play.
Therefore we decided that we will reward you for telling us about these exploits. We, in turn, will send them directly to the devs.

What to do?
You know an exploit that makes playing unfair?
Send us a PM or email via the forum or Steam. Please don’t post them in this thread :wink:. We don’t want them to spread.
Please tell us exactly how the exploit works so that we can test it ourselves.

Who will be rewarded?
For each exploit: the first person who tells us about a working exploit that we can reproduce will be rewarded.
If the exploit can only be reproduced under very special circumstances, we will do our best to work with you to find it.
If someone else has already told us about that exploit, the second and third person will still receive a thank you.

What's the reward?
It depends on the gravity of the exploit.
The bigger the exploit → the bigger the reward.
Smaller exploits = smaller reward.
But a reward is a reward :slight_smile:

Examples can really range from free Resource Packages, to free Garage Ships, to whole Supporter Playfields.

We thank you all for helping the devs make the game even better!


:shield: Web Bug Bounty Policy

We highly value the security of our users and their data. If you discover a vulnerability in our application, we greatly appreciate your help in reporting it so we can fix it as quickly as possible.


:white_check_mark: What We Expect

Please follow these basic guidelines when testing our security:

  • Do not attack real user accounts
  • No Denial-of-Service attacks (DoS, DDoS)
  • No social engineering
  • Only test with your own data and accounts
  • Act responsibly and privately

:bullseye: In Scope

The following components of our application are open for security testing:


:prohibited: Out of Scope

  • Attacks on third-party services
  • Vulnerabilities that only affect outdated browsers or extensions
  • Missing security headers without a concrete attack vector
  • Weak passwords in test accounts

:lady_beetle: Examples of Relevant Vulnerabilities

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Unauthorized access to data (IDOR, insecure APIs)
  • Flaws in authentication or session management
  • Exposed API keys or sensitive data

:money_bag: Rewards

As a thank-you for your help, we offer voluntary rewards depending on the severity of the discovered issue:

| Severity | Example | Reward |
|----------|---------|--------|
| Low | Open endpoints without impact | €20 – €50 |
| Medium | Reproducible XSS or IDOR | €100 – €300 |
| High | Access to foreign data, account takeover | €300 – €1000 |
| Critical | Remote Code Execution, Auth bypass | Negotiable :money_with_wings: |

The exact amount will be determined based on impact, exploitability, and report quality.


:open_mailbox_with_raised_flag: How to Report a Vulnerability

Please contact me on Discord or here in the forum under:

@RexXxuS

Include the following information:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Screenshots or a proof-of-concept (if possible)
  • A way to contact you (Email, Telegram, etc.)

:heart: Our Promise

  • We usually respond within 5 business days
  • Your report will be kept confidential
  • We will credit you as the finder if you wish
  • We strive to fix reported issues quickly

Thank you for helping make our platform more secure!
