Protecting Our Community
At o1.exchange, security is our top priority. We’ve established a comprehensive bug bounty program to incentivize security researchers and developers to help identify vulnerabilities in our platform. Your contributions help us maintain the highest security standards for our users.Report Vulnerabilities
Discover and report security issues to earn rewards
Earn Rewards
Get paid for valid security findings based on severity
Reward Structure
Rewards are determined based on the severity and impact of the vulnerability:
| Severity | Description | Reward Range |
|---|---|---|
| High | loss of funds, significant impact | 5,000 |
| Medium | Limited impact, requires specific conditions | 1,000 |
| Low | Minimal impact, informational issues | 500 |
Attempting to exploit vulnerabilities on the mainnet or causing actual harm to users is strictly prohibited and may result in legal action.
How to Participate
1
Discover
Review our smart contracts, trading platform, and infrastructure for potential vulnerabilities
2
Document
Create a detailed report including:
- Clear description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested fix (if applicable)
3
Submit
Send your report to our X account @o1_exchange via DM
4
Review
Our security team will review your submission within 48 hours
5
Reward
Upon validation, receive your bounty payment in USDC or ETH
Recognition
Top contributors to our bug bounty program will be featured in our Security Hall of Fame and receive exclusive NFT badges recognizing their contributions to platform security.
Legal Safe Harbor
We commit to not pursuing legal action against security researchers who:- Comply with this bug bounty policy
- Act in good faith
- Make a reasonable effort to avoid privacy violations
- Do not exploit vulnerabilities beyond what’s necessary for verification
Join our security-focused Discord channel to discuss potential findings with our team and other security researchers. Remember: collaboration makes our platform stronger!
Contact
For questions about the bug bounty program or to submit a vulnerability report:Security Team
Twitter: Send your report to our X account @o1_exchange via DM.
Response Time: Within 48 hours.
Response Time: Within 48 hours.