We understand that your code, applications, and user-data hosted on Repl.it are very important, so we take our responsibility to safeguard it seriously. After all, we use Repl.it to build our business too!
Being a small startup with limited resources we unfortunately can't run a bug bounty program. However, if you report a vulnerability responsibly, we'll work with you to fix the issue and credit you on our blog.
Pursuant to our terms of service, you should not take any actions that interfere or disrupt the service. When in doubt, and think there might be a risk of service disruption, then don't try to verify the bug yourself – email us and we'll work with you to verify it.
Email us at [email protected] with a description of the issue and we'll respond as soon as possible.