How can I increase the potential bounty/reward for my research?

The final acquisition offer from Crowdfense is based on both the impact of the vulnerability and the technical quality of the exploit. To maximise your reward, consider the following factors:

Vulnerability Scope & Impact

  • Targeting widely used products or platforms increases value

  • Higher severity bugs (e.g., RCEs, sandbox escapes) are rewarded more than lower-impact ones (e.g., LPEs)

  • Bugs that require minimal configuration changes or user interaction are more attractive

  • Broader coverage across multiple versions or systems boosts payout potential

Exploit Quality

  • High reliability and stability across different environments

  • Bypasses for modern exploit mitigations (e.g., DEP, ASLR, CFG)

  • Support for process continuation or clean post-exploitation state

  • Clean implementation, no hardcoded offsets, no brittle ROP chains

  • Fully documented technical analysis and root cause breakdown

The more impactful, versatile, and professionally packaged your submission is, the more valuable it becomes.