Bug Bounties
Immunefi Bounty Program
ALEX maintains the quality and security of the ecosystem through different means. One of them is the Immunefi Bug Bounty Program. If you are interested in participating and detecting vulnerabilities to earn rewards, head over to the ALEX section on Immunefi, or continue reading to find out more.
Overview
The Immunefi Bug Bounty Program is designed to incentivize security researchers to find and report vulnerabilities in the ALEX ecosystem. By participating, ethical hackers help ensure the integrity and safety of ALEXβs smart contracts, infrastructure, and overall platform security.
Rewards
The bounty rewards are paid in ALEX, and they are based on the severity of the discovered vulnerability. Immunefi follows the industry-standard Common Vulnerability Scoring System (CVSS) to classify bugs into different levels:
Critical: Highest payout, affecting key smart contracts or assets at risk
High: Affects platform stability or user funds, but with mitigations
Medium: Potential exploits with limited impact
Low: Minor vulnerabilities with little to no security risk
Exact reward amounts may vary based on the severity, impact, and quality of the report.
Requirements
Proof of Concept (POC): A clear explanation and working proof-of-concept (PoC) demonstrating the impact of the vulnerability must be provided.
Official disclosure: Report vulnerabilities through the official Immunefi platform. Public disclosure before resolution disqualifies the submission.
Testing on local forks: No testing should be done on either the ALEX mainnet or testnet. Use local forks of either of those networks
Novelty of vulnerabilities: Vulnerabilities must not have been included in prior audits
For additional requirements and prohibitions, please refer to the Immunefi page.
Last updated
Was this helpful?