Mobile Applications

Rewards for Android / iOS

🔐 Non-Custodial Operations

Bron never holds or controls user private keys, funds, or assets. All transactions are user-initiated and executed directly with third-party smart-contract protocols. Swap and staking functions are performed via independent third-party APIs. Bron only provides technical access and does not pool, intermediate, or custody user assets.

Reward Calculation (INACTIVE)

Rewards are calculated based on the CVSS v4.0 Base score. Use the official calculator: https://www.first.org/cvss/calculator/4-0

🎖️ NFT Reward Guarantee

Every accepted bounty submission entitles the researcher to a non-transferable Bron NFT in addition to the monetary reward listed below. The NFT grants a complimentary Basic tier subscription for 2026 (or an upgrade to the next tier if Basic is already active, capped at Enterprise). To receive any reward, a Bron wallet is required — bounty payments are distributed in stablecoins to the researcher's Bron wallet address.

⚠️ THIS TABLE IS FOR REFERENCE ONLY - PROGRAM NOT ACTIVE

| Severity Level | CVSS v4.0 Score | Reward Range (USD) |
|----------------|-----------------|--------------------|
| Low            | 0.1 — 3.9       | $5 — $50           |
| Medium         | 4.0 — 6.9       | $50 — $1,500       |
| High           | 7.0 — 8.9       | $1,500 — $5,000    |
| Critical       | 9.0 — 9.4       | $5,000 — $10,000   |
| Exceptional    | 9.5 — 10.0      | $10,000+           |

💰 Reward Adjustments (WHEN ACTIVE)

If the PoC demonstrates direct financial impact, mass PII leakage, or full account takeover with access to funds, our security team may apply an increased reward within the specified ranges.

🛡️ Compliance Notice

All bounty payments will be made in USD-denominated stablecoins to the researcher's Bron wallet address and are subject to sanctions screening and anti-money-laundering controls consistent with Bron's compliance policy. Rewards cannot be paid to individuals or entities on applicable sanctions lists.

Scope (FOR REFERENCE - PROGRAM INACTIVE)

When the program becomes active, it will cover vulnerabilities found in:

  • Android Applications: Official Bron mobile app for Android
  • iOS Applications: Official Bron mobile app for iOS
  • Mobile-specific issues: Local storage, cryptographic implementations, IPC, etc.

📱 Mobile Program Status

IMPORTANT: The Mobile Bug Bounty program is not currently active. All information on this page is for reference purposes only.

We are preparing to launch mobile application testing as part of our Bug Bounty program. If you are interested in testing our mobile applications when the program launches, please monitor this page or contact us at [email protected] for updates.

Unsolicited mobile vulnerability reports submitted before program activation will not be eligible for rewards.