Bug Bounty Instructions

Security audit reports and getting started

Key Points

Submissions accepted until 8pm ET, August 8 .

. Review the provided materials first.

GitHub commit hash: 74728c404a1c7e9091074bd88abf454fd374228a.

Valid exploits rewarded up to $50,000.

Getting Started

Earlier this week we announced the 0x protocol bug bounty program and compensation rubric. Today we are releasing the independent security audit reports for public review and the resulting GitHub commit hash from which all bug bounty submissions must be based.

Security Audits

Please look through the reports linked below before making a submission to the bug bounty program. We are interested in learning about and addressing every possible attack vector, but we also want to make sure that bounty hunters learn from the hard work that the auditors put in over the past weeks.

ConsenSys Diligence —We worked with four individuals from the Diligence team. Their detailed audit report may be found here.

Remco Bloemen — Remco is co-founder and blockchain architect at Neufund. His finalized audit report will be released soon.

Starting Materials and Documentation

GitHub Commit Hash

The security audits were an iterative process that resulted in many small enhancements to our Ethereum smart contracts and an overall push to increase the quality and coverage of our documentation. The final version of our contracts, from which all bug bounty submissions must be based, may be found here:

GitHub commit hash: 74728c404a1c7e9091074bd88abf454fd374228a

Reporting

Email your submission to: team@0xproject.com.

Please include “BUG BOUNTY” in the subject.

Anonymous submissions are welcome.