
Bug Bounty Postmortem Report

Below is a detailed record of resolved and successfully paid-out bug bounties. Each bounty includes the time of resolution, a brief description of the issue, its severity, and the reward paid out.

| Time | Description | Severity | Paid out | Transaction hash |
| --- | --- | --- | --- | --- |
| 2024-12-21 | A valid signature is used to authorize ETH withdrawals, but no check is made to ensure msg.sender matches the intended trader. Attackers could front-run transactions using the same signature to receive the funds. | High | $10,000 | https://etherscan.io/tx/0xea332a95e746964267b2304630fc5d19d35a8d670b1ccbc6c5d99a22cdb7f234 |
| 2025-3-17 | Clickjacking vulnerability on the Wallet Connect feature and the entire website | Medium | $1000 | https://etherscan.io/tx/0x742e26aa4abbbf569f1d7fcb43adda4839c72644f7704e3cee6ba33c4c17c936 |
| 2025-2-24 | DoS vulnerability within the API implementation, which could exhaust server capacity, leading to service disruption | Medium | $2000 | https://blastscan.io/tx/0xee06a01da583fe66c099e2a87840befcfec7a991bfc80e916907ae439f770097 |
| 2025-3-14 | Vulnerability in the API interface can cause misconfigurations in the back-end server, leading to timeouts. This flaw can be exploited to crash the API interface, affecting the entire Web/App platform. | Medium | $1640 | https://etherscan.io/tx/0x2b1729a82d1f06ee108e08c55358c456cbcdb10a007d97092f7da9ee2ce2e18c |
| 2025-5-8 | Vulnerability of the websocket endpoint to DoS attacks, allowing unauthorized requests capable of affecting the entire trading platform | Medium | $2000 | https://etherscan.io/tx/0x3493e746ad2071887a9f5dee8f43e956311bcaffe88480b16bb56336e788092d |
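
The 2024-12-21 entry describes a signed withdrawal that is not bound to its caller. The sketch below is an added illustration, not RabbitX's contract code: the contract name, function names, withdrawal id and signed message layout are all assumptions, and it shows the weak pattern next to the form that checks msg.sender against the signed trader.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration only. The message layout
// (id, trader, amount) and every name here are assumptions.
contract SignedWithdrawalExample {
    address public immutable signer;          // key that approves withdrawals off-chain
    mapping(uint256 => bool) public usedIds;  // each withdrawal id is honoured once

    constructor(address signer_) payable {
        signer = signer_;
    }

    // Recover the address that signed (id, trader, amount) as an Ethereum signed message.
    function _signedBy(uint256 id, address trader, uint256 amount,
                       uint8 v, bytes32 r, bytes32 s) private pure returns (address) {
        bytes32 digest = keccak256(abi.encode(id, trader, amount));
        bytes32 ethHash = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", digest));
        address recovered = ecrecover(ethHash, v, r, s);
        require(recovered != address(0), "bad signature");
        return recovered;
    }

    // Weak form: the signature names `trader`, but the ETH goes to msg.sender and
    // nothing ties the two together, so any account that submits the same
    // signature first receives the funds.
    function withdrawWeak(uint256 id, address trader, uint256 amount,
                          uint8 v, bytes32 r, bytes32 s) external {
        require(!usedIds[id], "already processed");
        require(_signedBy(id, trader, amount, v, r, s) == signer, "not authorized");
        usedIds[id] = true;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Hardened form: the caller must be the trader the signature was issued for,
    // so a copied signature is useless to any other account.
    function withdraw(uint256 id, address trader, uint256 amount,
                      uint8 v, bytes32 r, bytes32 s) external {
        require(msg.sender == trader, "caller is not the trader");
        require(!usedIds[id], "already processed");
        require(_signedBy(id, trader, amount, v, r, s) == signer, "not authorized");
        usedIds[id] = true;
        (bool ok, ) = trader.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```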


Last updated 1 day ago