Ibotta

  • $50 – $5,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Updates to Scope & First-to-Find Bonus

We have some updates and bonus opportunities for Ibotta:


Mobile & API Target - Ibotta App Data & Memory

Researchers are welcome to attempt reverse engineering or decompiling the mobile applications to review the source code.
Focus areas include:

  • Sensitive Data Exposure (credentials)
  • Vulnerable Functions
  • Bad Cryptography
  • Code Tampering

The first researcher to submit a valid & unique vulnerability will receive an additional $500 bonus.


Web Targets - Web V2

This is a refreshed web application by the Ibotta team.
Focus areas include:

  • Client Code Quality
  • Extraneous Functionality
  • Improper Platform Usage

The first researcher to submit a valid & unique vulnerability will receive an additional $250 bonus.


As always, please be sure to review the program brief in detail, and if you have any questions, please reach out to support@bugcrowd.com.

Happy Hunting!