Updated 0x Protocol v4 Bug Bounty

0x
  • We are excited to announce an updated bug bounty program for 0x Protocol v4!
  • The program is open to anyone, with rewards of up to $1M for critical exploits

0x Protocol is an open protocol that facilitates the exchange of digital assets. In 2019 we introduced v4, a modular smart contract architecture that enables us to innovate with minimal friction alongside the growing DeFi and NFT ecosystems. While v4 contracts initially only supported ERC-20 swaps, we will soon be adding support for ERC-721 and ERC-1155 swaps.

The updated bug bounty program aims to incentivize ethical hackers to discover and report vulnerabilities in the 0x Protocol architecture. The bug bounty covers any of the core smart contracts deployed on Ethereum mainnet, Binance Smart Chain, Polygon, Avalanche, Fantom, Celo, Optimism and future deployments on other EVM-compatible networks.

The list of deployed contracts eligible for the bug bounty can be found here. The most recent addition is the NFT swap feature coming soon to v4 that enables the trading of ERC-721 and ERC-1155 assets.

Bounty program rewards will be paid out according to the severity of a vulnerability. The severity of reported vulnerabilities will be graded according to the Common Vulnerability Scoring Standard (CVSS). The final reward amount is at the sole discretion of 0x Labs and will be paid in the specified sum in either USD or ETH.

Rewards are split based on the severity of the vulnerability as follows:

Exploit Score                   Reward
Critical (CVSS 9.0 - 10.0)      up to $1,000,000
High (CVSS 7.0 - 8.9)           up to $350,000
Medium (CVSS 4.0 - 6.9)         up to $35,000
Low (CVSS 0.0 - 3.9)            up to $5,000

Please e-mail all submissions to security@0x.org with the subject “BUG BOUNTY”. Submissions should include any steps required to reproduce or exploit the vulnerability. After receiving a submission, we will contact you with the expected timeline for a fix to be implemented. Please allow time for the vulnerability to be fixed before discussing any findings publicly.

Happy bug hunting!
