Frequently asked questions

If you wish to change your username or email, please contact Remedy support at support@r.xyz or message us on Discord.

You may receive notifications for programs you have bookmarked. To check and manage your bookmarked programs, visit your "Bookmarks" section in your programs page. If you want to stop receiving notifications for a specific program, you can simply remove it from your bookmarks.

Bookmark the programs you are interested in to receive updates. This will ensure you stay informed about any developments or changes related to the programs you have bookmarked.

If you also want to be notified about new bug bounty programs as soon as they launch - join our Community.

To initiate the account deletion or deactivation process, please contact us at support@r.xyz. Our support team will guide you through the necessary steps and assist if needed.

You can cancel your report when the status is "Bug Reported" and neither an organization nor a triager has started reviewing the report.

Keep in mind that canceling a report should be done judiciously and primarily when necessary, as excessive cancellations will result in your account freeze.

No, you can not edit a submitted report on Remedy. Once you have submitted a report, it is hashed and recorded on the blockchain as proof of your submission. This immutable record ensures the integrity and transparency of the bug-tracking process, and no one can modify it. Therefore, it's essential to review and confirm the accuracy of your report before submission.

You can add details in the report thread, but remember that it will not be recorded on the chain.

If the program on which you submitted a report updates after your submission, rest assured that your report will be reviewed based on the program version on which it was originally submitted. This ensures that the assessment and review process remains consistent with the state of the program at the time of your report.

Your findings will be evaluated in the context of the program's specific configuration and vulnerabilities as they existed when you made your submission.

If the program on which you submitted a report disappeared from the programs list after your submission, rest assured that your report will be reviewed based on the program version on which it was originally submitted. This ensures that the assessment and review process remains consistent with the state of the program at the time of your report.

Your findings will be evaluated in the context of the program's specific configuration and vulnerabilities as they existed when you made your submission.

No, you cannot edit or delete your messages in the report thread.

The report thread is intentionally uneditable for all users, primarily for security reasons. This serves as a crucial proof and historical record, ensuring the integrity and transparency of the communication and actions taken within the thread. Therefore, it's important to exercise caution and accuracy when posting messages in the report thread, as they cannot be modified or removed once posted.

Our Terms and Conditions state that the report can take up to 14 days to be reviewed. However, our professionals do their best to review all reports immediately.

Depending on the workload, the process can take anywhere from 10 minutes to 14 days. You’ll see the status of your report in the thread.

Additionally, once escalated to the organization, they have up to 45 days to review and close the report. Our team actively works to ensure that your report receives a prompt response.

• The system limits bug submissions to a maximum of 10 per user daily. After the 10th submission, the action button will be disabled. You can still edit draft reports and create new ones but cannot submit them.

• If your bug report is marked as SPAM three times in 72 hours, your participation in programs will be limited for the next 72 hours.

• The system limits report cancellation to a max of 3 times per 72 hours. If the user cancels for the 4th time within 72 hours, the system limits your participation in programs for the next 72 hours.

Public disclosure of a bug report before the organization addresses and resolves the issue, or in cases where the organization has not accepted the report and the bug is disclosed sooner than 45 days, is considered a breach of Remedy Terms and Conditions (T&C).

In such instances, the Organization and the Platform reserve the right to pursue all legal remedies for damages. We strongly advise you to carefully review the T&C for more details on the specific policies and procedures regarding bug disclosure.

Our team of triagers is actively monitoring the platform to ensure that no reports are missed. However, if you find that your report is taking longer than expected to be reviewed, we recommend contacting our support team at support@r.xyz or contacting us on our discord.

We will assist you in investigating the status of your report and provide any necessary updates. Your patience is appreciated, and we are committed to promptly addressing and resolving any issues.

If someone else has reported the same bug that you've identified, our policy considers such reports as duplicates, and they are not eligible for an additional payout. However, at Remedy, we prioritize transparency and trust in our bug bounty program. To ensure fairness and accuracy in determining duplicate reports, we've implemented a feature using Zero-Knowledge Proof (ZK Proof) technology.

To understand how our proof of duplicate works and the steps involved, please refer to our Proof of Duplicate feature here.

We prioritize the security and fairness of interactions between hackers and organizations. To achieve this, we have implemented Zero-Knowledge Proof (ZK Proof) as part of the "Proof of Duplicate" feature. This approach not only ensures the integrity of reports but also safeguards security experts from potential deception by organizations or triagers. Learn more about proof of duplicate here.