Skip to main content

Bug Bounty Program

Updated over 5 months ago

Help us improve Loophole and earn account promotional credits. When you report legitimate, reproducible bugs, you may be eligible for rewards based on the severity and impact of the issue.

โš ๏ธ Note: This article is a simplified summary. For the most accurate and complete terms, please review our Terms and Conditions.

How It Works

It's simple:

  1. Find a bug - Discover an issue while using Loophole

  2. Report it - Submit through the "Report Bug" button at the bottom of the website

  3. We investigate - Our team reviews and verifies your report

  4. Get rewarded automatically - If eligible, promotional credit is added to your account

You don't need to request the bounty. If you're eligible, you'll receive it automatically and get an email notification.

Who's Eligible

  • You must be logged in when submitting the bug report

  • You must be the first to report it - No duplicate rewards

  • The bug must be legitimate and reproducible

  • The bug must not be a duplicate of an existing report

Reward Tiers

Tier 1: Cosmetic ($10 - $15 promotional credit)

Minor issues that don't break functionality:

  • Typos or grammatical errors

  • Broken links

  • Visual glitches or layout inconsistencies

  • Minor UI/UX annoyances

Tier 2: Functional ($25 - $50 promotional credit)

Bugs that affect how features work:

  • Form submission failures

  • Logic errors in workflows

  • Interface malfunctions

  • Features not working as intended

Tier 3: High Impact ($75 - $150 promotional credit)

Serious issues that affect critical functions:

  • Billing inaccuracies

  • Account state errors

  • Broken service workflows

  • Data sync issues

Tier 4: Critical ($200 - $500+ promotional credit)

Major vulnerabilities and security issues:

  • Security flaws

  • Data exposure risks

  • Unauthorized access pathways

  • System-wide failures

Submission Guidelines

What makes a good bug report:

  • Clear explanation of the issue

  • Specific details about what happened and where

  • Screenshot or screen recording

  • Step-by-step reproduction instructions when possible

What won't qualify:

  • Vague or unverifiable reports

  • Duplicate reports (we reward the first reporter)

  • Issues you've already exploited before reporting

  • Fabricated or intentionally created "bugs"

Examples of good reports:

  • "When I click 'Accept Quote' on Quote #12345, the page refreshes but the quote stays pending. I've tried on Chrome and Safari. Screenshot attached."

  • "The billing history page shows duplicate charges for September 2025. My account balance was charged twice for the $29 monthly fee on Sept 10th."

  • "Found a way to view other users' uploaded file logs by changing the URL parameter. Steps to reproduce: [detailed steps]. Not exploited - reporting responsibly."

Examples that won't qualify:

  • "Something's broken on the dashboard" (too vague)

  • "I think there might be a bug with quotes" (unverifiable)

  • "The AI gave me a response I didn't like" (not a bug)

About Promotional Credit

Bug bounty rewards are issued as Promotional Credit, which:

  • Can be used to pay for services, monthly fees, Tool Action Credits, or subscriptions

  • Has no cash value and cannot be withdrawn or transferred

  • Is nonrefundable

  • May expire or be revoked at Loophole's discretion

Important Rules

Bug bounty rewards are discretionary, not guaranteed.

Prohibited actions:

  • Exploiting bugs before reporting them

  • Creating or fabricating fake issues

  • Submitting duplicate reports intentionally

  • Using bugs for personal gain before disclosure

  • Any form of system abuse or manipulation

Loophole reserves the right to:

  • Deny rewards for low-quality, misleading, or duplicate reports

  • Cap monthly promotional credit totals

  • Suspend or terminate the program at any time

  • Restrict or ban accounts that abuse the system

Users who violate these rules may be disqualified from the program and face account restrictions or termination.

Responsible Disclosure

If you discover a security vulnerability or critical bug:

  • Report it immediately through the bug report system

  • Do not exploit, share, or disclose it publicly before we've had a chance to fix it

  • You may be eligible for the +50% responsible disclosure bonus

We take security seriously and appreciate those who help us keep Loophole safe for everyone.

Questions?

Have questions about the bug bounty program? Please start a chat or email us at [email protected].

Want to report a bug right now? Click the "Report Bug" button at the bottom of any page on Loophole.

Did this answer your question?