O3 Docs
Search…
O3 Swap Bug Bounty
O3 Swap is a cross-chain aggregation platform, allowing users to exchange different assets safely and simply across chains within the decentralized wallets. We are committed to providing a one-stop aggregation & exchange platform for users and offering developers access to an open, distributed, friendly, and secure trading environment.
We welcome outstanding developers and enthusiasts in the blockchain community to share with us critical issues and the techniques used to exploit them. If you think you have found a security bug in our platform, we are happy to work with you to resolve the problem quickly and issue generous and fair rewards in return.

Eligibility

O3 Swap will only issue monetary rewards for reports demonstrating meaningful impact, meaning that the duplicates, invalid bugs, micro vulnerability, and product improvement recommendations will not be included in this bug bounty event. See the following eligibility rules:
  • First come first served, the first party who reports the issue will be considered first.
  • The reported issue has not been disclosed to the public before the O3 Labs team releases the security solution.
  • All reports need to be written in the specific format and send to our official email address: [email protected] (detailed below)

Report and Reward Guidelines

A complete email report should include the following:
  1. 1.
    Email Title:【O3 Swap Bug Bounty】_Bug title
  2. 2.
    Issue Description: A detailed description of the reported problem should include the sufficient information allowing the O3 Labs team to reasonably reproduce the problem.
  3. 3.
    Reproduce Steps: Any prerequisites and steps to reproduce the affected state.
  4. 4.
    Additional Information: How this issue affects the system security and what is your opinion/suggestion on the technical solution.
  5. 5.
    Send your Report: Send your report by email to [email protected]. Include relevant video demonstrations, analytic data, compiled and source codes, crash logs, and/or system diagnosis reports in the attachment if needed.
After we receive your email, we need some days to review and check. Only when the issue is proved by our technical team, we will reply to you for more information.

Risk Level

  1. 1.
    Critical: Issues that cause a privilege escalation from unprivileged to admin or allow for remote execution, source core data reveal, financial theft, etc.
  2. 2.
    High: Issues that affect the security of the platform including the processes it supports. Serious logic design defects, smart contract authority control defects.
  3. 3.
    Medium: Issues that affect multiple users and require little or no user interaction to trigger. Ordinary unauthorized operation. Leakage of local-stored sensitive information.
  4. 4.
    Low: Issues that affect singular users and require interaction or significant prerequisites to trigger. Other vulnerabilities that are less harmful and cannot be proved.

Disclaimer

O3 Labs reserves the right to modify terms, rewards amount, and risk conditions of this bounty event and your participation in the program constitutes acceptance of all terms. For the protection of users, O3 Labs doesn't disclose security issues until our investigation is complete and any necessary updates are generally available.
Last modified 4mo ago