Bug Bounty
Help us make ForgeX safer. Report bugs, get rewarded, and be part of our Community Audit program.
🧭 Severity Levels & Rewards
🟥 Critical
Asset loss, bypass of signer/auth checks, private key exploits.
$10,000
🟧 High
Issues that could result in significant disruptions, such as unauthorized transactions, privilege escalations, or exposure of sensitive user data.
$5,000
🟨 Medium
Flaws that may cause moderate impact, including transaction inaccuracies, minor data leaks, or partial denial of service.
$2,000
🟩 Low
Minor vulnerabilities that have limited impact, such as UI inconsistencies, minor validation errors, or informational disclosures without direct exploitation potential.
$100-$500
Note: final rewards are determined based on the severity, reproducibility, and exploitability of the issue.
📥 How to Submit
Describe the issue in detail (steps to reproduce, contracts involved, expected vs actual behavior)
You can submit your report through one of the following ways:
Mail us at [email protected]
DM @james_ssc on Telegram
DM @forgex_tools on Twitter
Once we confirmed the issue, we will fix it and send the reward immediately. Usually won't be longer than a week.
We accept both on-chain and off-chain reports, and strongly encourage white-hat disclosure principles.
⚠️ Responsible Disclosure
Do not exploit bugs for personal or public gain.
Do not share vulnerabilities publicly until we confirm a fix is deployed.
Acting maliciously may disqualify you from rewards and lead to further action.
Last updated
Was this helpful?