SAFEX-Help
  • GUIDE
    • APP Download
      • Latest App Download Link
    • Register & Login
      • Registration/Login Guide (App)
      • Registration/Login Guide (Web)
      • Gesture Password Unlock (App)
    • Account Setting
      • How to Find UID
      • Bind Email/Phone Number
      • What to Do if You Don't Receive Emails
    • Second Verification
      • Setting Up Google Authenticator Tutorial [App]
      • Setting Up Google Authenticator Tutorial [Web]
  • DEPOSITE & WITHDRAW
    • How to Deposit (APP)
    • How to Deposit (WEB)
    • How to Withdraw (APP)
    • How to Withdraw (WEB)
    • Withdrawal Restrictions Notice
    • SAFEX C2C Trading Legal Disclaimer
  • PErsonal assets
    • Profit Explanation
    • Asset History(APP)
    • Asset History(WEB)
    • Asset Transfer(APP)
    • Asset Transfer(WEB)
  • Derivatives TRADING
    • Derivatives Introduction
      • What is a Perpetual Contract?
    • USDT-Margined Perpetual Contracts(APP)
    • USDT-Margined Perpetual Contracts(WEB)
    • Margin Rules
    • Reverse Position
    • Merge Positions and Split Positions
    • Derivatives Trading Parameters
    • Transaction Fee
    • Derivations Trading Rules
  • Spot Trading
    • Introduction to Spot Trading
    • How to Conduct Spot Trading on SAFEX (App)
    • How to Conduct Spot Trading on SAFEX (Web)
    • Different Order Types in Spot Trading
    • Spot Trading Fees and Minimum Order Quantity
  • Copy Trading
    • SAFEX Copy Trading Feature Explanation-Phase 2
    • SAFEX Copy Trading Feature Explanation - Phase 1
  • OTHER help
    • SAFEX Announcement
      • Feature Upgrade
        • Copy Trading Optimization Announcement
        • BTCUSDT and ETHUSDT Futures Now Live with 200x Leverage
        • SAFEX Copy Trading Officially Launched
        • Major Upgrade: SAFEX Coin-Margined Futures Officially Launched!
        • New Deposit and Withdrawal Option, Arbitrum is the Better Solution!
        • SAFEX Spot Trading Platform is Now Live with BTC and ETH!
      • New Currency Pairs
        • SAFEX Listing TST Spot Trading
        • SAFEX Spot Trading New Listing Announcement
        • SAFEX Listing Multiple Popular USDT Perpetual Contracts
        • SAFEX Now Live with Popular MEME Coin USDT Perpetual Contracts
        • SAFEX Launches 12 New Contract Trading Pairs!
        • SAFEX New Contract Pairs and Fee Discount Campaign Officially Launched
        • SAFEX Launches 6 New Perpetual Contract Pairs!
      • Parameter Adjustment
      • System Maintenance
      • Important Notices
        • ETH/USDT Trading Pair Candlestick Abnormality Compensation Notice
        • Important Announcement: Statement on SAFEX Platform Token
        • SAFEX Cryptocurrency Exchange Service Area Statement:
      • Other Announcements
        • SAFEX Lead Trader Recruitment Announcement
        • SAFEX Copy Trading is Coming Soon – Join Us as a Copy Trader!
    • SAFEX Events
      • SAFEX New Year Exclusive Mystery Box – Unlock Your New Year’s Good Luck!
      • SAFEX Daily Lucky Draw
      • SAFEX High Leverage Airdrop Event
      • SAFEX Contract Hot Coins Tournament - 21st Edition
      • Exclusive for Newcomers, Trade to Share a 500,000 USDT Prize Pool!
    • Frequently FAQ
      • Deposit FAQ
        • What should I do if my deposit hasn't arrived?
        • How to Resolve Deposit Errors
        • Fund Recovery Guide
        • What should I do if my deposit hasn't arrived?
        • Minimum Deposit Amount Limit Important Notice Regarding Deposit Amounts
      • Withdrawal FAQ
        • Why Hasn't My Withdrawal Been Processed?
        • What Should I Do If My Withdrawal Hasn't Been Processed?
        • Withdraw Fee
      • Futures FAQ
        • Why Has My Limit Order Not Been Filled?
        • Liquidation Price Calculation (USDT Contract):
        • Latest Price and Mark Price Explanation:
        • Why was my limit order not executed?
        • Does leverage affect profit and loss?
        • Why Can't I Open a Position When My Account Has Assets?
        • Why Does the Position Margin of a Perpetual Contract Decrease Without Reducing the Position?
        • What is Funding Fee?
        • How to Manage Risk and Practice Responsible Trading
        • Why is the Total Value Lower Than the Unrealized P&L?
        • Why Can't I Open a Position When My Account Has Assets?
      • Spot FAQ
      • Other FAQ
        • What Should I Do If I Can't Receive Emails?
        • How Do I Close My Account?
    • Anti-fraud Column
      • Beware! Induced Investment Scams
      • Understanding Offline Transaction Scams
      • How to Protect Yourself from Phishing Attacks
      • Common Scams in Digital Asset Trading
    • Bug Bounty Program
    • About Us
    • Contract Us
    • Licensed and Compliant
    • Legal Notices
    • User Agreement
    • Terms of Service
    • Risk Warning
    • Privacy Statement
Powered by GitBook
On this page
  1. OTHER help

Bug Bounty Program

PreviousCommon Scams in Digital Asset TradingNextAbout Us

Last updated 1 month ago

We are pleased to announce our Bug Bounty Program and encourage everyone to participate by submitting vulnerabilities.

You can send your vulnerability information to bd@safex.trading, and our team will swiftly review and verify the reported issues. We value your contribution to our platform's security and will be in contact with you promptly.

Web Bug Bounty

Scope

  • *.safex.trading

Bounty Rewards

Severity Level

Bounty

Low-risk

50 to 100 USDT

Medium-risk

100 to 500 USDT

High-risk

500 to 1000 USDT

Critical

1000 to 5000 USDT

Web Vulnerability Definitions

Critical Vulnerabilities

Critical vulnerabilities refer to vulnerabilities in core business systems (e.g., core control systems, domain controllers, business distribution systems, and bastion hosts) that manage a large number of systems. These vulnerabilities can have a wide-ranging impact, including:

  • Unauthorized control of business systems.

  • Obtaining administrative privileges of core systems.

  • Taking control of core systems.

Examples:

  • Controlling multiple devices within the internal network.

  • Obtaining super-administrator privileges of the backend, leading to severe consequences such as leakage of critical enterprise data.

  • Smart contract overflow and race condition vulnerabilities.

High-risk Vulnerabilities

  • Gaining system privileges (e.g., GetShell, command execution).

  • System SQL injection.

  • Unauthorized access to sensitive information (e.g., bypassing authentication, weak passwords, SSRF vulnerabilities).

  • Arbitrary file reading.

  • XXE vulnerabilities allowing access to any information.

  • Unauthorized transactions or bypassing payment logic involving funds.

  • Severe logical and process design flaws (e.g., arbitrary user login vulnerabilities, bulk modification of account passwords).

  • Other vulnerabilities with wide-ranging user impact (e.g., stored XSS vulnerabilities on important pages).

  • Extensive source code leakage.

  • Smart contract permission control flaws.

Medium-risk Vulnerabilities

  • Vulnerabilities requiring user interaction (e.g., stored XSS, CSRF related to core business processes).

  • Parallel authorization operations (e.g., bypassing restrictions to modify user data).

  • Denial of Service (DoS) vulnerabilities.

  • Captcha logic flaws allowing brute-forcing of sensitive operations.

  • Local leakage of sensitive authentication key information.

Low-risk Vulnerabilities

  • Local DoS vulnerabilities (e.g., client-side crashes).

  • Routine information leakage (e.g., web path traversal, directory browsing).

  • XSS vulnerabilities (including DOM XSS/Reflected XSS).

  • Routine CSRF vulnerabilities.

  • URL redirection vulnerabilities.

  • SMS bombs, email bombs (only one type accepted per system).

  • Other low-impact vulnerabilities or those unable to demonstrate harm.

Vulnerability Types Not Accepted

  • Email spoofing.

  • User enumeration vulnerabilities.

  • Self-XSS and HTML injection.

  • Webpage missing CSP and SRI security policies.

  • CSRF issues for non-sensitive operations.

  • Individual Android App issues (e.g., android:allowBackup="true").

  • Issues related to modifying image sizes causing slow requests.

  • Leaked versions of Nginx or other software.

  • Functional issues without security risks.

  • Personal attacks on SAFEX employees or social engineering.

Contract Vulnerability Definitions

Critical Vulnerabilities

  • Any governance voting result manipulation.

  • Direct theft of user funds (at-rest or in-motion, excluding unclaimed yield).

  • Permanent freezing of funds.

  • Miner-extractable value (MEV).

  • Protocol insolvency.

High-risk Vulnerabilities

  • Theft of unclaimed yield or royalties.

  • Permanent freezing of unclaimed yield or royalties.

  • Temporary freezing of funds.

Medium-risk Vulnerabilities

  • Smart contract unable to operate due to lack of token funds.

  • Block stuffing for profit.

  • Griefing (e.g., no profit motive but damage to users or protocol).

  • Theft of gas.

  • Unbounded gas consumption.

Low-risk Vulnerabilities

  • Contract fails to deliver promised returns but doesn’t lose value.

Information Vulnerabilities

  • Incorrect data supplied by third-party oracles.

  • Impacts requiring basic economic and governance attacks (e.g., 51% attack).

  • Lack of liquidity impacts.

  • Impacts from Sybil attacks.

  • Centralization risks.

  • Best practice recommendations.

Prohibited Activities

  • Engaging in social engineering or phishing activities.

  • Disclosing specific information about vulnerabilities.

  • Destructive testing (only Proof of Concept (PoC) allowed).

  • Large-scale scanning without using scanning tools.

  • Direct modification of web pages, continued pop-up message boxes, cookie theft, or invasive payloads.

If any unintended harm occurs during testing, it must be promptly reported. Failure to comply may result in legal consequences.

Join Us in Making SAFEX Safer!

We appreciate your efforts in helping us maintain a secure platform. Together, we can build a safer crypto ecosystem!

Contact: bd@safex.trading Website: safex.trading