Critical: $750 - $1,500
High: $250 - $750
Medium: $100 - $250
Low: $50 - $100
Reward tier is determined based on vulnerability severity and actual business impact. Special cases can be rewarded up to $7,000. Testing environment vulnerabilities are counted as 0.1 times their OnePlus-owned component counterpart. We do not accept reports that have been uploaded elsewhere.
Reports with the following will be considered for a larger reward: a clear and concise summary of the vulnerability, text reproduction steps (including payloads, relevant URLs/IPs, API or fields), an impact analysis, remediation suggestions.