LeverEX Bug Bounty Program
From ~$25 for participation to ~$1250 for security bugs
Published in
2 min readAug 6, 2018
LeverEX exchange is launching a bug bounty program for talented developers and white-hat hackers:
- You get 1000 LEX tokens (~$25) for participation (free).
- You get 3000 LEX tokens (~$75) for each regular bug.
- You get 10000 LEX tokens (~$250) for each critical bug.
- You get 50000 LEX tokens (~$1250) for each security bug.
- You don’t need to deposit real money to start trading.
How to participate
- Join our Telegram group: “LeverEX Official”.
- Request API access from Denis Gorbachev.
- Start trading with Cryptozaur.
- Found a bug? Send reproduction steps to Telegram group (so that everyone knows you found it first).
How to trade
You can trade using ETH_D and BTC_D demo balances (no need to deposit real funds).
To execute trades, you have two options:
- Roll your own API integration (see documentation).
- Run Cryptozaur commands:
./cryptozaur add.account leverex [your_key] [your_secret]./cryptozaur show.balances leverex./cryptozaur buy leverex ETH_D:BTC_D 0.07 1.0./cryptozaur sell leverex ETH_D:BTC_D 0.08 2.0./cryptozaur show.orders leverex./cryptozaur cancel leverex ETH_D:BTC_D 1217
FAQ
How do I claim a bonus for participation (1000 LEX tokens)?
- Reach 1 BTC_D trading volume on your orders.
- Send a message to Denis Gorbachev.
Only first 25 developers are eligible for bonus.
What is the scope of bug bounty program?
The bug bounty program covers all API endpoints:
- REST API is covered.
- WebSocket API is covered (we’ll publish the docs soon).
- User interface is not covered (we’re still working on it).
How do you classify the bugs?
- A security bug is a bug that allows to execute actions from a different account or manipulate balances directly.
- A critical bug is a bug that breaks database consistency (e.g. filling a buy order without filling a sell order).
- A regular bug is any other bug (e.g. trade doesn’t show up in API).
If you believe your bug qualifies for a higher grade, feel free to mention that in bug report.
Ready to break our system? Join the Telegram group & request API access!