Bug Bounties

Immunefi Bounty Program

ALEX maintains the quality and security of the ecosystem through different means. One of them is the Immunefi Bug Bounty Program. If you are interested in participating and detecting vulnerabilities to earn rewards, head over to the ALEX section on Immunefi, or continue reading to find out more.

Overview

The Immunefi Bug Bounty Program is designed to incentivize security researchers to find and report vulnerabilities in the ALEX ecosystem. By participating, ethical hackers help ensure the integrity and safety of ALEX’s smart contracts, infrastructure, and overall platform security.

Rewards

The bounty rewards are paid in ALEX, and they are based on the severity of the discovered vulnerability. Immunefi follows the industry-standard Common Vulnerability Scoring System (CVSS) to classify bugs into different levels:

• Critical: Highest payout, affecting key smart contracts or assets at risk

• High: Affects platform stability or user funds, but with mitigations

• Medium: Potential exploits with limited impact

• Low: Minor vulnerabilities with little to no security risk

Exact reward amounts may vary based on the severity, impact, and quality of the report.

Requirements

• Proof of Concept (POC): A clear explanation and working proof-of-concept (PoC) demonstrating the impact of the vulnerability must be provided.

• Official disclosure: Report vulnerabilities through the official Immunefi platform. Public disclosure before resolution disqualifies the submission.

• Testing on local forks: No testing should be done on either the ALEX mainnet or testnet. Use local forks of either of those networks

• Novelty of vulnerabilities: Vulnerabilities must not have been included in prior audits

For additional requirements and prohibitions, please refer to the Immunefi page.