Are theoretically exploitable bugs (e.g., crash-only PoCs or triggers) eligible?

No, Crowdfense only acquires vulnerabilities that are proven to be practically exploitable and accompanied by a fully functional, reliable exploit targeting the latest stable versions of the affected software, system, or device.

We require working proof-of-concept code that demonstrates real-world exploitation potential.

However, if you believe your research holds exceptional value or could be developed into a complete exploit, feel free to contact us. We’re always open to discussing promising edge cases.