Skip to main content

πŸ› Bug Bounty Program

Want to be rewarded for finding and reporting vulnerabilities in our software? You're in the right place!

The Inferno Collection Bug Bounty Program is open to both existing clients and members of the public. We provide rewards for responsible disclosure of security issues in our supported FiveM resources and web services.

πŸ“’ Submissions must be made through our Discord server. Create a private thread in the #bug-bounty channel to get started.

πŸ” Scope​

Not all systems are in scope. Below is a list of what currently qualifies.

βœ… In Scope​

  • FiveM Resources

    • Fire Alarm: Reborn
    • Station Alert

  • Web Services

    • Inferno Collection API

🚫 Out of Scope​

  • Other FiveM Resources not listed above
  • Other Websites not listed above
  • General exclusions:
    • Denial of Service (DoS) or rate-limiting abuse
    • Social engineering or phishing attempts
    • FiveM platform-level exploits (we cannot fix these)
    • Spam or content-based abuse
    • Brute-force or credential stuffing attacks

❓ Not sure if something is in scope? Ask us on Discord or submit it anyway β€” we’ll review it in good faith.

πŸ›  Severity & Rewards​

We categorize submissions based on real-world impact. Well-written reports with clear reproduction steps or proof of concept may receive increased rewards.

SeverityDescriptionReward
πŸŸ₯ CriticalTotal compromise (e.g., RCE, bypassing server security, unauthorized TriggerEvent, GlobalState manipulation)$50–$100 Tebex Store credit or $25–$50 PayPal
🟧 HighMajor issues (e.g., exploiting other players, bypassing restrictions)$25–$50 Tebex Store credit
🟨 MediumGameplay-impacting bugs (e.g., unintended UI access, interaction misuse)$5–$25 Tebex Store credit
🟩 LowMinor or cosmetic issues (e.g., typos, UI glitches)A Thank You!

All valid reports will earn the bug reporter a special Discord role.

🀝 Coordinated Disclosure Policy​

We ask researchers to follow a coordinated disclosure process:

  1. Report issues privately via Discord.
  2. Do not publicly share details before we give permission.
  3. Allow 5–15 business days (depending on severity) for investigation and resolution.
  4. Follow this policy to remain eligible for recognition and rewards.

🚨 Publicly disclosing vulnerabilities without permission may result in disqualification from the program.

πŸ›‘ Safe Harbor​

We are committed to working with ethical researchers. If you comply with this policy and act in good faith:

  • You will not be penalized for reporting a vulnerability.
  • We will not pursue legal action if:
    • Your testing does not disrupt services (e.g., no server crashes).
    • You do not access or alter data you don't own.
    • You report everything directly through our Discord.

If you're unsure whether an action is permitted, ask first β€” we’re happy to clarify!

πŸ“¬ Submitting a Report​

To submit a report:

  1. Join our Discord server.
  2. Navigate to the #bug-bounty channel.
  3. Create a private thread and include:
    • A detailed description of the issue
    • Steps to reproduce
    • Proof of concept or working example, if possible

βœ… The more complete your report, the more likely you'll receive a reward!

Thank you for helping us make Inferno Collection more secure!