Bug bounties

Submit security findings to Whop

Review the reward ranges below, then send a structured report. Whop assigns final severity and payout after review.
Submit a report

Reward structure

Indicative ranges by the severity Whop assigns after review, not by the severity you select in the form. Final amounts depend on impact, data at risk, and quality of reproduction.
Critical$2,500 to $5,000+
High$1,000 to $2,500
Medium$250 to $1,000
Low$50 to $250
Amounts are discretionary based on report quality, user impact, and proof-of-concept inclusion. Whop has sole discretion over final severity, payout amounts, and eligibility.

Report details

Include clear steps to reproduce and impact.
* Required fields
Your severity and reward expectations are your assessment only. Whop has sole discretion over final severity, payout amount, and eligibility when we triage the report.