Security At Smarkets

As a financial technology company in the gambling industry, for Smarkets security is essential.

While we do not have an official bug bounty program in place at the moment, we welcome vulnerability disclosures. If you think you have found a security issue with the site, the apps or our APIs please send the information about the find to security@smarkets.com and our security team will get back to you. Depending on the scope and severity of the issue we may award a bounty for the disclosure at our discretion.

The Legal Bits

• For identifying vulnerabilities, you can only use your own account. You are not allowed to access, target or attack other customers’ accounts or any of their information.
• Denial-of-Service attacks are not in scope. Please don’t try them.
• If you find a remote code execution issue, do not try to pivot or further explore the limits of the vulnerability. Proof-of-concept is enough.
• Do not exfiltrate data, even if you could.

Breaching any of these guidelines will automatically disqualify the findings from being considered for a bounty.