Bug Bounty Program

Help us secure Levret Exchange and earn rewards for finding security vulnerabilities. Our bug bounty program offers competitive rewards for responsible disclosure.

Total Rewards

$5,000+

Available for security researchers

Vulnerabilities

50+

Successfully reported and fixed

Researchers

25+

Active security researchers

Vulnerability Types & Rewards

Smart Contract Vulnerabilities

Critical

Critical bugs in smart contracts, reentrancy, integer overflow/underflow, access control issues

$1,000 - $2,000

Authentication & Authorization

High

Authentication bypass, privilege escalation, session management flaws, API key exposure

$500 - $1,500

Data Integrity & Manipulation

High

SQL injection, data tampering, price manipulation, order book manipulation

$300 - $1,200

Web Application Security

Medium

XSS, CSRF, clickjacking, insecure direct object references, file upload vulnerabilities

$100 - $800

Infrastructure & Network

Medium

Server vulnerabilities, DDoS amplification, network protocol issues, DNS hijacking

$50 - $500

Mobile Application Security

Medium

Mobile-specific vulnerabilities, insecure storage, improper certificate validation

$50 - $400

In Scope

  • All Levret Exchange web applications and APIs
  • Smart contracts deployed on supported blockchains
  • Mobile applications (iOS and Android)
  • Backend infrastructure and services
  • Third-party integrations and dependencies

Out of Scope

  • Social engineering attacks
  • Physical attacks on infrastructure
  • Denial of service attacks without proof of exploit
  • Issues requiring physical access to devices
  • Vulnerabilities in third-party services not controlled by Levret

Bounty Programs

Critical Vulnerabilities

Issues that could lead to complete system compromise or significant financial loss

Examples:

  • Smart contract exploits allowing unauthorized fund withdrawal
  • Authentication bypass leading to account takeover
  • Critical infrastructure vulnerabilities

$1,000 - $2,000

High Severity Issues

Significant security flaws that could impact user data or system integrity

Examples:

  • Privilege escalation vulnerabilities
  • Data manipulation or injection attacks
  • API security weaknesses

$300 - $1,500

Medium Severity Issues

Moderate security issues that could be exploited under specific conditions

Examples:

  • Cross-site scripting (XSS) vulnerabilities
  • Information disclosure issues
  • Input validation weaknesses

$100 - $800

Low Severity Issues

Minor security issues with limited impact or requiring specific conditions

Examples:

  • Information leakage in error messages
  • Minor input validation issues
  • UI/UX security improvements

$50 - $400

Submission Guidelines

Email Submission

Send detailed vulnerability reports to security@levret.io

Include proof-of-concept, impact assessment, and remediation suggestions

GitHub Security

Use GitHub's private vulnerability reporting feature

Create a private security advisory for sensitive findings

Encrypted Communication

Use PGP encryption for sensitive vulnerability details

Our PGP key is available at security@levret.io

Response Timeline

Initial Response

24 hours

Acknowledgment of vulnerability report and initial assessment

Detailed Analysis

3-5 days

In-depth technical analysis and severity assessment

Remediation

7-30 days

Development and deployment of security fixes

Reward Processing

5-10 days

Payment processing and bounty reward distribution

Ready to Report a Vulnerability?

Follow responsible disclosure practices and help us maintain the security of Levret Exchange. All valid reports are rewarded based on severity and impact.

Program Rules & Terms

Rules

  • Do not access or modify other users' data
  • Do not perform any destructive testing
  • Provide clear reproduction steps
  • Allow reasonable time for fixes

Terms

  • Rewards are at Levret's sole discretion
  • Duplicate reports may not receive rewards
  • Public disclosure before fix is prohibited
  • Program terms may change without notice