⚡
Stobix Docs
  • About Stobix
  • Onboarding
    • Create an Account
    • Deposit & Withdraw Funds
    • Supported Networks
  • Bug Bounty
  • Community & Support
  • Legal & Compliance
Powered by GitBook
On this page
  • Scope
  • Submission
  • Prohibited Activities
  • Eligibility
  • Classification
  • General Terms

Bug Bounty

PreviousSupported NetworksNextCommunity & Support

Last updated 1 day ago

Stobix is committed to ensuring the security of its decentralized protocol. We invite security researchers to help identify and address vulnerabilities in our platform.

Scope

Our bug bounty program covers security vulnerabilities affecting the Stobix protocol core infrastructure, including:

  • Protocol consensus layer and validator network integrity

  • Protocol security architecture and authentication systems

  • Trading mechanisms (Futures, Dual)

  • Critical user fund management infrastructure

  • Core API infrastructure and endpoint security

The following are not in scope:

  • Testnet and experimental features (unless otherwise announced)

  • Third-party dependencies not directly affecting protocol security

  • Non-security related UI/UX issues

Submission

  1. Prepare a detailed report documenting the vulnerability

  2. Include comprehensive reproduction steps and proof of concept (PoC)

  3. Submit your report to

If the same vulnerability is reported by multiple researchers, the reward will go to the author of the first received report. Rewards are paid in USDC based on vulnerability severity.

We commit not to pursue legal action against research conducted in good faith and in compliance with this program's rules.

Prohibited Activities

  • Protocol testing in production environments; research should be limited to designated test environments

  • Implementation of social engineering tactics against team members or users

  • Conducting network stress tests without prior authorization

  • Integration of third-party applications or systems in testing scenarios

  • Exploitation of discovered vulnerabilities for personal gain

  • Public disclosure of security issues prior to remediation confirmation

  • Unauthorized access to or disclosure of user data

  • Activities that violate applicable laws or regulations

Eligibility

  • You must comply with identity verification procedures when requested

  • You must be able to receive USDT

  • You must maintain strict confidentiality until authorized disclosure

  • We must be able to reproduce your findings based on your documentation

Classification

  • Critical (up to 100,000 USDT): Significant user fund loss, validator consensus failures, unauthorized access to funds

  • High (up to 30,000 USDT): Network disruptions, authentication bypasses, serious vulnerabilities in trading logic

  • Medium (up to 8,000 USDT): API performance issues, authorization flaws, wallet functionality vulnerabilities

  • Low (up to 1,500 USDT): Minor security issues with limited impact

Rewards are determined based on both impact and likelihood of occurrence. Stobix reserves the right to determine classification at its sole discretion.

General Terms

All submissions become Stobix property. We reserve the right to use, modify, or disclose reports for security purposes. Payment will not be made for submissions that don't meet program requirements.

We value the time and effort invested in all vulnerability reports and are committed to maintaining a secure, decentralized trading environment for our users.

You must submit your reports exclusively to

bugbounty@stobix.com
bugbounty@stobix.com