Security

Bug Bounty

Reward program for responsibly disclosed vulnerabilities.

Overview

Exchange is committed to the security of our platform and the protection of our users. We invite security researchers to responsibly disclose vulnerabilities they discover.

Scope

The following assets are in scope for our bug bounty program:

Web application (exchange frontend and API)
Authentication and authorization systems
Wallet and transaction processing
Smart contract integrations
Trading engine and order matching

Reward Tiers

Critical$5,000 -- $15,000

High$2,000 -- $5,000

Medium$500 -- $2,000

Low$100 -- $500

Rules

Do not access, modify, or delete data belonging to other users
Do not perform denial-of-service attacks
Do not publicly disclose the vulnerability before it is fixed
Provide a clear, detailed report with steps to reproduce
Only test against accounts you own or have explicit permission to test

How to Report

Send vulnerability reports to [email protected] with a detailed description, steps to reproduce, and any supporting evidence (screenshots, logs, proof of concept).

We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.