PEX is committed to building a secure, transparent, and resilient trading platform. To support that mission, we run an open bug bounty program that rewards security researchers and developers who help identify and report vulnerabilities across the PEX ecosystem.
Scope
The bounty covers vulnerabilities in PEX smart contracts, relayer systems, cross-chain infrastructure, and user-facing components. Eligible issues include anything that could result in the loss of user funds, unauthorized access, disruption of order execution, manipulation of pricing logic, or compromise of user privacy.
Rewards
All bug bounty rewards are paid in $PEX tokens. The amount depends on the severity and impact of the issue. Critical vulnerabilities that directly affect user funds or execution logic will be rewarded significantly, while lower-severity findings may receive smaller token allocations. Final reward decisions are made by the PEX core team based on reproducibility, severity, and potential impact.
Eligibility
To qualify for a bounty, submissions must be original, not publicly disclosed, and responsibly reported. Reports must include clear documentation, reproduction steps, and proof-of-concept code where possible. Exploiting the protocol on mainnet or abusing the vulnerability before disclosure will disqualify the report.
How to Report
Please submit all reports privately by contacting the team via telegram or X. We will acknowledge receipt, investigate the issue, and respond with next steps and bounty details if applicable.
By working with the community, PEX aims to make decentralized trading safer and stronger for everyone.