Reporting issues: Spike’s Responsible Disclosure Program

Spike’s Responsible Disclosure Program

At Spike, we consider the security of our systems a top priority. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. If you think you have found a bug, vulnerability or want to report an issue, please contact Spike’s security team.


If you are a security researcher and would like to submit your vulnerability report to our Bug Bounty program, please send the report with all the relevant details (according to the guidelines below) to

? Thanks for helping keep Spike secure.


Guidelines for Vulnerability Reports:

  • The Subject Line of the email should be the name of the vulnerability (do not write in ALL-CAPS)
  • The report should always be included in the body of the email (even if it is also attached)
  • Always provide a POC video – any POC is for internal use only and may not be publicly disclosed
  • Always specify the affected platform, version, etc.
  • Each vulnerability should be sent as a separate report
  • Multiple reports of the same root cause will be considered one single report and paid out accordingly
  • All payouts are made on the 5th of each month
  • Payouts are sent to PayPal accounts – bug hunters should provide the address in their report
  • Patches are released according to our internal deadlines, not according to the payments
  • Only the first report we receive about a given vulnerability will be rewarded as listed in the Program Note

We hope this was helpful!
If you go through these steps and need more help, our team will be happy to help 😎