0x Exchange Proxy: Bug Bounty
- Reward pool: Not set (ZRX)
- Expected profit: $100 - 100,000, equal in ZRX
- Max participants: No limit
- DropsEarn score: Neutral (Hard, Low Risks)
Program Details
The Exchange Proxy introduces a system of composable smart contracts that extend the core 0x protocol. This architecture enables 0x to innovate with minimal friction alongside the growing DeFi ecosystem. Trades executed through the proxy are settled securely via Exchange V3.
The smart contracts have been internally audited and are currently in beta while we evaluate the new architecture. We take security very seriously at 0x and have paid over $100,000 in previous bounties. We encourage all smart contract developers to take advantage of this opportunity.
You can learn more about our smart contracts below:
- Exchange Proxy Specification
- Exchange Proxy Features Specifications
- Exchange V3 Specification
- Smart Contracts Code
Join the official 0x Discord chat to ask any questions related to the bug bounty program or the smart contracts.
Rewards
The severity of reported vulnerabilities will be graded according to the CVSS (Common Vulnerability Scoring System). The following table will serve as a guideline for reward decisions:
| Critical (CVSS 9.0 - 10.0) | High (CVSS 7.0 - 8.9) | Medium (CVSS 4.0 - 6.9) | Low (CVSS 0.0 - 3.9) |
|---|---|---|---|
| $10,000 - $100,000 | $2,500 - $10,000 | $1,000 - $2,500 | $0 - $1,000 |
Please note that any rewards will ultimately be awarded at the discretion of ZeroEx Intl. All rewards will be paid out in ZRX.
Areas of interest
The following are examples of types of vulnerabilities that are of interest:
Loss of assets
- A user loses assets in a way that they did not explicitly authorize (e.g. an account is able to gain access to an `AssetProxy` and drain user funds).
- A user authorized a transaction or trade but spends more assets than normally expected (e.g. an order is allowed to be over-filled).
Unintended contract state
- A user is able to update the state of a contract such that it is no longer usable (e.g. permanently lock a mutex).
- Any assets get unexpectedly "stuck" in a contract with regular use of the contract's public methods.
- An action taken in the staking contracts is applied to an incorrect epoch.
Bypassing time locks
- The `ZeroExGovernor` is allowed to bypass the timelock for transactions where it is not explicitly allowed to do so.
- A user is allowed to bypass the `ZeroExGovernor`.
Incorrect math calculations
- Overflows or underflows result in unexpected behavior.
- The staking reward payouts are incorrect.
Scope
The following contracts are in scope of the bug bounty. Please note that any bugs already reported are considered out of scope.
3.0 submissions should be based on the contracts as of commit fb8360edfd4f42f2d2b127b95c156eb1b0daa02b. The following contracts are considered within scope of this bug bounty:
- asset-proxy/contracts/src/ERC20BridgeProxy.sol (specification)
- exchange/contracts/src/Exchange.sol (specification)
- multisig/contracts/src/ZeroExGovernor.sol (specification)
- staking/contracts/src/Staking.sol (specification)
- staking/contracts/src/StakingProxy.sol (specification)
- staking/contracts/src/ZrxVault.sol (specification)
Security audits of these contracts were conducted by Trail of Bits and Consensys Diligence.
2.1 submissions should be based on the contracts as of commit ff70c5ecfe28eff14e1a372c5e493b8f5363e1d0. The contracts found in the following directories are considered within scope of this bug bounty:
src/2.0.0/protocol
src/2.0.0/utils
Security audits of these contracts can be found here and here.
MultiAssetProxy
`MultiAssetProxy` submissions should be based on the contracts as of commit c4d9ef9f83508154fe9db35796b6b86aeb0f2240. The only contract within the scope of this bug bounty is:
contracts/src/MultiAssetProxy.sol
The security audit for this contract can be found here.
ERC1155Proxy
`ERC1155Proxy` submissions should be based on the contracts as of commit 77484dc69eea1f4f1a8397590199f3f2489751d2. The only contract within the scope of this bug bounty is:
contracts/src/ERC1155Proxy.sol
The security audit for this contract can be found here.
StaticCallProxy
`StaticCallProxy` submissions should be based on the contracts as of commit 54f4727adc6da95f312e3721f44857110555d24c. The only contract within the scope of this bug bounty is:
contracts/src/StaticCallProxy.sol
ERC20BridgeProxy
`ERC20BridgeProxy` submissions should be based on the contracts as of commit 281658ba349a2c5088b40b503998bea5020284a6. The only contract within the scope of this bug bounty is:
contracts/src/ERC20BridgeProxy.sol
ExchangeProxy
`ExchangeProxy` submissions should be based on the contracts as of commit 7967a8416c76e34ff5a0a4eb80e7b33ff8c0e297. The only contracts within the scope of this bug bounty are in the directory:
contracts/src/
Disclosures
Please e-mail all submissions to [email protected] with the subject "BUG BOUNTY". Your submission should include any steps required to reproduce or exploit the vulnerability. Please allow time for the vulnerability to be fixed before discussing any findings publicly. After receiving a submission, we will contact you with expected timelines for a fix to be implemented.
About
0x Project is excited to announce a bug bounty for the 0x Exchange Proxy! The program is open to anyone and rewards up to $100,000 for critical exploits.
Program dates: 20 Jul 2020 00:00 (UTC+3) - 20 Dec 2020 00:00 (UTC+3)
Status: Closed