Bug Bounty Program

Find bugs. Earn $MEI.

Help us build a more secure Mei Terminal. Report vulnerabilities and earn $MEI rewards — paid to your wallet.

Campaign Budget50M MEI remaining
0% paid out50M MEI total pool
Critical5,000,000 MEI

~$5.95 at current price

Authentication bypass, remote code execution, fund theft

High2,000,000 MEI

~$2.38 at current price

Privilege escalation, sensitive data exposure, SIWE exploit

Medium500,000 MEI

~$0.59 at current price

Logic bugs, UI manipulation, auth edge cases

Low100,000 MEI

~$0.12 at current price

Minor issues, informational findings, best-practice gaps

Rules & Scope

In Scope

  • meiterminal.vercel.app — all pages
  • Wallet sign-in flow (SIWE)
  • API routes (/api/*)
  • Supabase RLS bypass
  • MEI token balance check manipulation
  • Stripe checkout / webhook logic

Out of Scope

  • Social engineering
  • DoS / DDoS attacks
  • Third-party services (Supabase infra, Stripe, Vercel)
  • Self-XSS
  • Issues requiring physical access
  • Theoretical bugs with no PoC

Rewards are paid in $MEI to your connected wallet after manual triage and approval (up to 72h).

Final severity and reward is determined by our team. Self-reported severity is indicative only.

Max 3 submissions per wallet per 24 hours. Duplicate reports are rejected.

Submit a Report

Connect your wallet to submit a report. Rewards are sent to your connected address.