Security

Bug Bounty

Reward program for responsibly disclosed vulnerabilities.

Overview

Exchange is committed to the security of our platform and the protection of our users. We invite security researchers to responsibly disclose vulnerabilities they discover.

Scope

The following assets are in scope for our bug bounty program:

  • Web application (exchange frontend and API)
  • Authentication and authorization systems
  • Wallet and transaction processing
  • Smart contract integrations
  • Trading engine and order matching

Reward Tiers

Critical$5,000 -- $15,000
High$2,000 -- $5,000
Medium$500 -- $2,000
Low$100 -- $500

Rules

  • Do not access, modify, or delete data belonging to other users
  • Do not perform denial-of-service attacks
  • Do not publicly disclose the vulnerability before it is fixed
  • Provide a clear, detailed report with steps to reproduce
  • Only test against accounts you own or have explicit permission to test

How to Report

Send vulnerability reports to security@exchange.com with a detailed description, steps to reproduce, and any supporting evidence (screenshots, logs, proof of concept).

We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.