Andrii Stepanov
Marketing Manager

Meet SuiDex

SuiDex is the premier decentralized exchange on the Sui blockchain with cutting-edge features and maximum security.

Check Out The Rewards

If you find a vulnerability according to the bounty rules, SuiDex will reward you:

  • Critical $0 – $5,000
  • High $0 – $3,000
  • Medium $0 – $1,500
  • Low $0 – $500
    • 50% for critical issues
    • 30% for high issues
    • 15% for medium issues
    • 5% gas optimization issues, best practices

Read more: https://docs.hackenproof.com/

Join The Bounty Hunt

There is a Smart Contract in scope!

Make sure your reports contain info about these incidents:

Critical

  • Direct theft of any user funds (at-rest or in-motion) across any liquidity pair or supported Coin<T> type
  • Permanent freezing of user funds in pools, lockers, or farming contracts
  • Insolvency conditions where the protocol cannot fulfill user withdrawals
  • Theft or loss of claimable Victory rewards
  • Manipulation of the fee structure to redirect developer or LP rewards
  • Smart contract unable to operate due to lack of funds or broken state logic
  • Circumvention of access control modifiers (e.g., only_owner, only_admin, only_authority)

High

  • Temporary freezing or locking of funds in liquidity and farm
  • Failure of reward distribution logic in Farms, VictoryLocker, or Router modules
  • Replay or reentrancy issues across trade, claim, and withdrawal flows
  • Price manipulation exploits impacting value returned from swaps, zaps, or LP removals
  • Gas griefing (e.g., unnecessary state growth, vec bloat, or overflow risks in per-user data)
  • Pool inflation or abuse of add_liquidity, or claim_and_lock functions

Medium

  • Incorrect share calculations in LP tokens, staked positions, or reward weights
  • LP or staking position dilution under certain liquidity migration edge cases
  • Misuse of clock, timestamp, or outdated reference values in emissions or locking schedules
  • Math or logic errors in APR boost, reward decay, or locking mechanics

Low

  • Unbounded gas usage (especially in claim_all and compound)
  • Missing checks that could result in unintended locking, burning, or reward denial
  • Logic bypass via invalid types, zero address abuse, or unchecked external calls
  • Architectural flaws, misnamed fields, or unsafe default behaviors

Out of scope

  • Theoretical vulnerabilities without PoC (for Critical/High)
  • Code style and gas optimization suggestions
  • Sui framework vulnerabilities
  • Frontend/UI issues
  • MEV/front-running attacks (unless direct fund loss)
  • Test files and documentation
  • Already known issues documented in README
  • Issues requiring extensive social engineering

Once you’re ready, click here to join the contest!