• Points – $15,000 per vulnerability

Program stats

  • Vulnerabilities rewarded 307
  • Validation within 7 days 75% of submissions are accepted or rejected within 7 days
  • Average payout $962.50 within the last 3 months

Latest hall of famers

Recently joined this program

716 total

Block, Inc.

This program is part of Block, Inc. You can participate in our other bug bounty programs below:

Cash App
Square Open Source

Serious about security

Our approach to security is designed to protect buyers and sellers. We monitor every transaction, continuously innovate in fraud prevention, and we protect businesses’ data like our business depends on it—because it does. We adhere to industry-leading standards to manage our network, secure our web and client applications, and set policies across our organization.

Ratings and rewards

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

We are particularly interested in problems with Square’s payment flows. Confirmed vulnerabilities that directly affect our payments flows and comply with these terms will receive a $500 minimum reward.


Please sign up for an account using your @bugcrowdninja.com email address. For more info regarding @bugcrowdninja email addresses, see here.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.