LeverEX Bug Bounty Program

From ~$25 for participation to ~$1250 for security bugs

LeverEX exchange is launching a bug bounty program for talented developers and white-hat hackers:

• You get 1000 LEX tokens (~$25) for participation (free).
• You get 3000 LEX tokens (~$75) for each regular bug.
• You get 10000 LEX tokens (~$250) for each critical bug.
• You get 50000 LEX tokens (~$1250) for each security bug.
• You don’t need to deposit real money to start trading.

How to participate

1. Join our Telegram group: “LeverEX Official”.
2. Request API access from Denis Gorbachev.
3. Start trading with Cryptozaur.
4. Found a bug? Send reproduction steps to Telegram group (so that everyone knows you found it first).

How to trade

You can trade using ETH_D and BTC_D demo balances (no need to deposit real funds).

To execute trades, you have two options:

• Roll your own API integration (see documentation).
• Run Cryptozaur commands:

./cryptozaur add.account leverex [your_key] [your_secret]
./cryptozaur show.balances leverex
./cryptozaur buy leverex ETH_D:BTC_D 0.07 1.0
./cryptozaur sell leverex ETH_D:BTC_D 0.08 2.0
./cryptozaur show.orders leverex
./cryptozaur cancel leverex ETH_D:BTC_D 1217

FAQ

How do I claim a bonus for participation (1000 LEX tokens)?

1. Reach 1 BTC_D trading volume on your orders.
2. Send a message to Denis Gorbachev.

Only first 25 developers are eligible for bonus.

What is the scope of bug bounty program?

The bug bounty program covers all API endpoints:

• REST API is covered.
• WebSocket API is covered (we’ll publish the docs soon).
• User interface is not covered (we’re still working on it).

How do you classify the bugs?

• A security bug is a bug that allows to execute actions from a different account or manipulate balances directly.
• A critical bug is a bug that breaks database consistency (e.g. filling a buy order without filling a sell order).
• A regular bug is any other bug (e.g. trade doesn’t show up in API).

If you believe your bug qualifies for a higher grade, feel free to mention that in bug report.

Ready to break our system? Join the Telegram group & request API access!