AntEx Bug Bounty Program

AntEx is committed to building a secure and transparent decentralized trading infrastructure. We invite security researchers to submit vulnerabilities responsibly, helping us enhance platform security and protect user assets and the ecosystem.

Submission

A valid report should include:

  • Clear description and impact assessment

  • Step-by-step reproduction (with PoC or script if applicable)

  • Screenshots, logs, or video evidence (if available)

Reports without sufficient detail or reproducibility will not qualify for rewards.

Scope

  • AntEx smart contracts (matching engine, perpetual contracts, funding rates, liquidation mechanisms)

  • Decentralized oracle and cross-chain communication modules

  • AntEx frontend and API (only if impacting fund security)

Out of scope: UI/UX issues, third-party wallet bugs, or theoretical vulnerabilities without security impact.

Reward Levels

| Level | Description | Reward Range (USDC) |
|---|---|---|
| Critical | Direct compromise of user funds or complete contract takeover | 5,000 – 10,000 |
| High | Major impact on fund safety, contract logic, or system integrity | 2,500 – 5,000 |
| Medium | Exploitable with limited impact (e.g., liquidation edge cases) | 500 – 2,500 |
| Low | Requires user interaction or limited impact (e.g., minor info disclosure) | 200 – 500 |

Final bounty amounts are determined by the AntEx security team based on severity and impact.

Testing Guidelines

  • Use the AntEx Testnet (https://testnet.antex.ai) for verification.

  • DoS/DDoS, brute force, or any activity disrupting services is prohibited.

  • Attacks targeting user privacy, data integrity, or third-party apps are not allowed.

  • Social engineering (e.g., phishing) against team members or community is strictly prohibited.

Reporting Rules

  • First valid submission of a vulnerability will be rewarded.

  • Multiple issues caused by the same root vulnerability will be treated as one.

  • Vulnerabilities must not be publicly disclosed before they are resolved.

  • Rewards will be paid in USDC to the researcher’s designated wallet upon validation.

Out of Scope

  • Non-security related UI/UX bugs

  • Issues on outdated environments (unsupported browsers, plugins, OS)

  • Physical attacks or vulnerabilities requiring unrealistic user actions

  • Third-party dependencies not affecting AntEx user security

  • Theoretical vulnerabilities without demonstrable impact

Researcher Commitments

All research must be conducted ethically and responsibly, avoiding privacy violations, data loss, or service interruption. AntEx will treat all researchers with fairness and respect, respond promptly to valid reports, and issue rewards accordingly.

Disclaimer

AntEx is a fully decentralized DEX. All funds remain under user self-custody. During testing, researchers must ensure that no real user assets are put at risk.
