CoinFlex -First Physically Delivered Cryptocurrency Futures Exchange

CoinFLEX Bug Bounty Program

At CoinFLEX, security is of the utmost importance to us and our users. Hence, we wish to present to you the CoinFLEX Bug Bounty Program. The aim of this program is to more effectively engage with our community and supporters in reporting any bugs and vulnerabilities.

Responsible Disclosure Policy:

  • Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue.
  • This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit, written permission of the account holder that you can provide to CoinFLEX.

Bounty Program Rules:

  • Contact email: [email protected]
  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
  • Please note that only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards.
  • We have a testnet (Stage) environment at https://stage.coinflex.com. If you believe a reproduction could potentially harm service of the platform, please do a reproduction on Stage.

Rewards:

The rewards are granted on a case by case basis depending on the threat level and report’s quality. Rewards can be paid in FLEX, XBT, USDT or ETH

Critical: 2000+ USDT equivalent
Severe: 500 USDT equivalent
Moderate: 200 USDT equivalent
Low: 100 USDT equivalent

Once your submission is accepted, we will ask you to provide either of the following to receive your reward:

  • email address registered on CoinFLEX
  • your wallet address

Domains in scope:

*.coinflex.com

Register for a free account
Sign up takes less than 2 minutes

Prohibited Countries: American citizens and residents of the United States of America, Cuba, Iran, Syria, Sudan, North Korea, Afghanistan and any other Countries that are restricted from trading on our platform are prohibited from holding positions or entering contracts at CoinFLEX. If it is determined that any CoinFLEX trading participant has given false representations as to their location or place of residence, CoinFLEX reserves the right to close any of their accounts and to liquidate any open positions.