Security Policy
How to report security vulnerabilities in the Multando platform
Scope
This security policy applies to all Multando services, including:
- Multando Web Application (multando.com)
- Multando API (api.multando.com)
- Multando Mobile SDKs (Flutter, React Native, iOS, Android)
- MULTA Rewards Smart Contract on Solana
- WhatsApp Chatbot
Reporting a Vulnerability
If you discover a security vulnerability, please report it responsibly:
What to Include in Your Report
Description of the vulnerability and its potential impact
Steps to reproduce the issue
Affected component (web, API, mobile, smart contract, SDK)
Any proof-of-concept code or screenshots
Your contact information for follow-up
Response Timeline
AcknowledgmentWithin 24 hours
Initial assessmentWithin 72 hours
Fix deploymentWithin 7-30 days
Bug Bounty Program
We offer MULTA token rewards for responsibly disclosed vulnerabilities:
Critical
Up to 10,000 MULTA
High
Up to 5,000 MULTA
Medium
Up to 1,000 MULTA
Low
Up to 250 MULTA
Responsible Disclosure Rules
Please DO NOT:
- Access or modify other users' data
- Perform denial of service attacks
- Send spam or social engineering attacks to our users
- Publicly disclose the vulnerability before it's fixed
- Use automated scanning tools without permission
We will not pursue legal action against researchers who follow these guidelines and report vulnerabilities responsibly.
Source Code
Our SDKs and smart contract code are open source: