We are excited to launch our bug bounty program with Immunefi for 0x v2. The program is open to anyone, with rewards up to $1M for critical exploits.
0x v2’s new smart contracts are fully audited, with four audits from three separate firms: Ourovoros, Trail of Bits, OpenZeppelin, and a second audit by Trail of Bits. 0x also leverages Dedaub’s industry-leading security suite to continuously analyze our contracts as we develop them. Learn more about 0x v2.
With this bounty, we hope to incentivize ethical hackers to discover and report vulnerabilities in the 0x v2 architecture.
Program Overview
The bug bounty program covers 0x Settler (Smart Contracts), Swap API, Gasless API, and the Matcha website.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.3. Final reward amounts will be paid in USDC on Ethereum.
Critical Reports
For critical smart contract bugs, the reward amount is 10% of the funds directly affected, up to a maximum of $1,000,000. The amount of funds at risk is calculated as of the time and date the bug report is submitted. A minimum reward of $100,000 applies, to discourage security researchers from withholding a critical bug report.
High Level Reports
High vulnerabilities concerning theft/permanent freezing of unclaimed yield/royalties are rewarded within a range of $35,000 to $100,000 depending on the funds at risk, capped at the maximum reward.
Web/App Reports
Critical website and application bug reports will be rewarded with $50,000.
You can find full program details here.
Happy bug hunting!
Ready to get serious?
0x v2 offers the most seamless swap experience at the best all-in prices with optimal trade execution, powerful new monetization features, and enhanced security baked in at the ground level.
0x v2 is currently in open beta. Book a v2 onboarding call to get started.