Bug Bounty Postmortem Report

Below is a detailed record of resolved and successfully paid out bug bounties. Each entry lists the time of resolution, a brief description of the issue, its severity, and the reward paid out.

| Time | Description | Severity | Paid out | Transaction hash |
| --- | --- | --- | --- | --- |
| 2024-12-21 | A valid signature is used to authorize ETH withdrawals, but no check is made to ensure msg.sender matches the intended trader. Attackers could front-run transactions using the same signature to receive the funds. | High | $10,000 | |
| 2025-3-17 | Clickjacking vulnerability on Wallet Connect Feature and Entire Website | Medium | $1000 | |
| 2025-2-24 | DoS vulnerability within API implementation, which could exhaust server capacity, leading to service disruption | Medium | $2000 | |
| 2025-3-14 | Vulnerability in the API interface can cause misconfigurations in the back-end server, leading to timeouts. This flaw can be exploited to crash the API interface affecting the entire Web/App platform. | Medium | $1640 | |
| 2025-5-8 | Vulnerability of websocket endpoint to DoS attacks, allowing unauthorized requests capable of affecting the entire trading platform | Medium | $2000 | |
