HL GAMING – OFFICIAL BUG BOUNTY POLICY (Latest Version)


1. INTRODUCTION AND OBJECTIVE

HL Gaming recognizes the importance of security and is committed to maintaining a secure environment for all of its users and platforms. This Bug Bounty Program is designed to recognize the valuable contributions of ethical security researchers who help us protect our users and services. This document outlines the rules of engagement, scope definitions, reporting structure, reward eligibility, legal disclaimers, and enforcement policies that must be followed to participate in the HL Gaming Bug Bounty Program.

No exceptions shall be made outside this policy. Participation in this program constitutes your agreement to abide by all the conditions, obligations, and liabilities defined herein.

2. PROGRAM SCOPE – IN-SCOPE TARGETS

All testing, reporting, and interaction must be limited to the assets explicitly mentioned below:

2.1 Primary Web Properties:

2.2 Mobile Applications:

  • HL Gaming Android application (latest and beta versions)

  • HL Gaming iOS application (unavailable)

2.3 APIs and Services:

  • HL Gaming public RESTful APIs

  • Internal exposed APIs interacting with client applications

  • Any backend service tied directly to user data management

2.4 Web and Desktop Clients:

  • HL Gaming browser-based clients

  • HL Gaming game clients built on Electron, Unity, or custom platforms

2.5 Additional Scope:

  • Official SDKs or embedded modules owned and published by HL Gaming

3. OUT OF SCOPE – EXCLUDED TARGETS

Vulnerabilities in the following categories are not eligible and must not be tested:

  • Any third-party vendor software, domains, services, or infrastructure

  • HL Gaming internal test environments (unless explicitly granted)

  • Social engineering of any HL Gaming employee, contractor, or vendor

  • Physical access, network sniffing, or hardware-level attacks

  • Denial-of-Service (DoS), Distributed DoS (DDoS), or brute force attempts

  • Any attack that impacts the availability of services for other users

4. RULES OF ENGAGEMENT

4.1 Ethical Behavior:

  • Participants must conduct all research responsibly and ethically

  • Any finding must be reported immediately without exploiting the issue

4.2 Confidentiality:

  • No sensitive information obtained during research may be saved, disclosed, or shared in any manner

4.3 No Public Disclosure:

  • Public disclosure prior to an official fix or without HL Gaming approval is strictly prohibited

4.4 No Exploitation:

  • Testing must stop immediately after proof of vulnerability is obtained

  • Exploiting a vulnerability for demonstration beyond necessary proof of concept is forbidden

5. LEGAL PROTECTION – SAFE HARBOR POLICY

HL Gaming provides legal safe harbor for participants who:

  • Follow this policy and the rules of engagement

  • Report the vulnerability directly to HL Gaming in a responsible manner

However, HL Gaming reserves the full right to pursue civil or criminal legal action against any participant who:

  • Fails to report discovered vulnerabilities responsibly

  • Sells or leaks vulnerability details to any third party

  • Uses found vulnerabilities for personal, competitive, or malicious gain

  • Publishes findings publicly without permission

6. REPORT SUBMISSION GUIDELINES

All reports must be submitted in complete and verifiable format as follows:

  • Report Title: Clear and descriptive

  • Affected URL, Parameter, or Asset

  • Technical Description: Full vulnerability explanation

  • Steps to Reproduce: Detailed, numbered list

  • Proof of Concept: HTTP logs, cURL requests, video, or screenshots

  • Severity Assessment: Why it matters, and its potential business impact

  • Suggested Fix (optional, but appreciated)

Reports that are vague, incomplete, or not reproducible will be rejected without consideration.

7. SEVERITY RATING & REWARD STRUCTURE

The amount awarded is determined based on severity, originality, and quality of the report. All decisions are final.

Severity LevelDescriptionReward Range (USD)
LowMinor UI bugs, informational issues, header leaks$1 – $5
MediumLogical flaws, misconfigured access control, directory listings$10 – $20
HighSession token leaks, unauthorized access, exposed user data$25 – $40
CriticalFull authentication bypass, remote code execution, account takeover$50 maximum

8. REWARD TERMS AND CONDITIONS

8.1 Disqualification and Denial:

HL Gaming reserves full discretion to reject reward claims for:

  • Duplicate reports

  • Known issues

  • Non-reproducible submissions

  • Findings based on outdated systems

  • Misconfigured 3rd-party integrations

  • Vulnerabilities resulting from user misuse

8.2 Exploitation Consequences:

If a participant intentionally exploits a vulnerability, the following actions may occur:

  • Permanent blacklisting from all HL Gaming programs

  • Reporting to cybersecurity authorities and agencies

  • Pursuit of financial restitution or legal damages

8.3 Payment Details:

  • Verified via PayPal or bank transfer (subject to KYC)

  • Payout made within 14 business days after final validation

  • HL Gaming does not handle tax deductions or submit tax documents

  • All taxes are the sole responsibility of the recipient

9. CONFIDENTIALITY, COORDINATED DISCLOSURE, AND PUBLICATION

  • Participants must not publicly disclose any findings without written authorization

  • HL Gaming reserves the right to coordinate disclosure on its timeline

  • Unapproved press releases, blog posts, CVE submissions, or third-party claims are prohibited

Violation of disclosure terms will result in permanent suspension from the program, legal action, and denial of any bounty eligibility.

10. POLICY UPDATES AND TERMINATION CLAUSE

HL Gaming may revise, pause, or terminate this Bug Bounty Program at any time. Changes will be published on the official website and become effective immediately.

By continuing participation after policy changes, you accept the revised terms.

11. FINAL LEGAL CLAUSES

  • All reward decisions, severity classifications, and interpretations of this policy are final

  • This program is governed under the jurisdiction.

  • Any legal proceedings will be held exclusively in the courts.

Participants must retain all communication records and submission logs for future reference if disputes arise.

Live Support Team Chatonline
Welcome to Live Chat

HL GAMING OFFICIAL FAST VIEW

You are offline. Connect to the internet.
Site Guider Chat
SmartView

SmartView

Bookmarks

Recent

Most Visited

Suggestions

Edit Bookmark