๐Ÿ’ฒBug Bounty

โžก๏ธ โžก๏ธ Input your Report: https://forms.gle/UJb8iT7AP9SiapWbA

GitHub Link: https://github.com/dalveytech/blex-contract

The security of the system is the top priority of our team. However, even with rigorous scrutiny and audits, given the novelty of the growing DeFi ecosystem, the potential for vulnerabilities still exists. That is why, based on our own efforts and professional audits, we have implemented a bounty program to identify bugs and vulnerabilities in the protocol infrastructure and smart contracts. In other words, we will reward you for helping us make the system as impenetrable as possible. If you come across a problem, we kindly ask you to let us know so we can take immediate steps to resolve it.

Plan

Submitted issues need to meet the minimum severity criteria described below to be eligible for bounties. Successfully reviewed submissions will be rewarded in USDT based on the severity of the issue classification:

  1. Low: Up to $1,000 - Issues that may cause user dissatisfaction or minor technical malfunctions (excluding UI and interaction issues)

  2. Medium: Up to $5,000 - Issues that theoretically could cause minor losses of less than 0.1% of protocol funds, damage protocol state, or cause serious user dissatisfaction or moderate technical malfunctions

  3. High: Up to $15,000 - Issues that may cause immediate loss of '0.1% < X <10%' of protocol funds or severe damage to protocol state

  4. Critical: Up to $100,000 - Issues that may cause immediate loss of 10% or more of protocol funds or permanent damage to protocol state

Rules

  1. Rewards will vary depending on the severity of the issue. Additionally, you can increase your reward by providing high-quality information on the following: problem description, an explanation of how to reproduce the problem, and a solution (optional).

  2. If you want to add more information about reporting the issue, you can create a new submission that includes a reference to the initial submission.

  3. Duplicate reports of known issues will be disqualified. The first submission will receive the reward. Therefore, please report promptly.

  4. Rewards will be determined based on the specific circumstances of each event. The Bug Bounty Program and terms and conditions are subject to BLEX's full discretion.

  5. The Bug Bounty Program's terms and conditions may change over time.

  6. Any disruption to the protocol or client/platform service while the issue is active, accidental or not, will invalidate the submission and disqualify it from receiving a reward.

  7. Public disclosure of the vulnerability will ensure the disqualification of the submission. Please read and comply with the following responsible disclosure policy, otherwise, your report may not be eligible for a reward.

Responsible Disclosure Policy

If you discover a vulnerability, please make sure to follow all of the following steps:

  1. Write a detailed and accurate problem report as soon as possible, and email it to:

  2. Do not disclose any information about the problem to anyone outside of the team.

  3. Do not exploit the problem for personal gain.

  4. Do not attack our systems or protocols.

Once we receive your report, we promise to do the following:

  1. Respond to your report within 5 working days

  2. Strictly keep your report confidential

  3. Provide you with the latest information on the submission status and solutions to the reported problem

  4. Unless you have other intentions, name you as a successful bounty hunter to thank you

  5. Provide you with appropriate rewards according to the previous rules, to thank you for helping us make BELX as safe as possible!

PreviousFAQNextAbstract

Last updated