The final acquisition offer from Crowdfense is based on both the impact of the vulnerability and the technical quality of the exploit. To maximise your reward, consider the following factors:
Vulnerability Scope & Impact
-
Targeting widely used products or platforms increases value
-
Higher severity bugs (e.g., RCEs, sandbox escapes) are rewarded more than lower-impact ones (e.g., LPEs)
-
Bugs that require minimal configuration changes or user interaction are more attractive
-
Broader coverage across multiple versions or systems boosts payout potential
Exploit Quality
-
High reliability and stability across different environments
-
Bypasses for modern exploit mitigations (e.g., DEP, ASLR, CFG)
-
Support for process continuation or clean post-exploitation state
-
Clean implementation, no hardcoded offsets, no brittle ROP chains
-
Fully documented technical analysis and root cause breakdown
The more impactful, versatile, and professionally packaged your submission is, the more valuable it becomes.