Ibotta

Mobile app providing cash back for users through in-app purchases, loyalty card integrations, payments, and receipt scanning.

  • $250 – $7,500 per vulnerability
  • Safe harbor
Submit report

Updates to Scope & First-to-Find Bonus

We have some updates & Bonus opportunities for Ibotta:

Mobile & API Target - Ibotta App Data & Memory

Researchers are welcome to attempt Reverse Engineering or Decompiling the mobile applications to review the source code.
Focus areas include:

  • Sensitive Data Exposure (credentials)
  • Vulnerable Functions
  • Bad Cryptography
  • Code Tampering

The first researcher to submit a valid & unique vulnerability will receive an additional $500 bonus

Web Targets - Web V2

This is a refreshed web application by the Ibotta team.
Focus areas include:

  • Client Code Quality
  • Extraneous Functionality
  • Improper Platform Usage 

The first researcher to submit a valid & unique vulnerability will receive an additional $250 bonus

As always, please be sure to review the program brief in detail, and if you have any questions, please reach out support@bugcrowd.com.

Happy Hunting!

Sarah_Bugcrowd
Sarah_Bugcrowd