We are happy to thank everyone who submits valid reports, which help us improve security. However, only those who meet the following eligibility requirements may receive a monetary reward:
- You must be the first vulnerability reporter.
- The vulnerability must be a qualifying vulnerability
- Any vulnerability found must be reported no later than 24 hours after discovery, and exclusively through hackenproof.com
- You must send a clear textual description of the report along with steps to reproduce the issue, including attachments such as screenshots or proof of concept code as necessary.
- You must not be a former or current employee of ours or one of its contractors.
- ONLY USE YOUR HackerProof ACCOUNT (in case of violation, no bounty will be awarded)
- Provide detailed but to-the-point reproduction steps
REWARD LIST
- High-quality reports may be awarded an extra bonus. A high-quality report is a thoroughly written vulnerability report that includes (when applicable) a working proof-of-concept, root cause analysis, a suggested fix, and any other relevant information.
KNOWN ISSUES
- Please note that the OKX Security Team also actively looks for vulnerabilities across all assets internally. For reported issues that are already known to us, we will close them as duplicates. We seek your kind cooperation to respect our final decision and to refrain from making multiple negotiations once the decision has been made.