OKTC has officially launched its Bug Bounty Submission Portal, inviting white-hat hackers and developers worldwide to contribute to a more stable and reliable trading ecosystem. Users who identify system vulnerabilities can now report them directly to the community, helping enhance OKTC's operational integrity.
Vulnerability Classification & Rewards
OKTC categorizes vulnerabilities into five tiers based on severity and exploitation difficulty, supplemented by other factors:
| Level | Reward Range (USDT) | Examples of Impact |
|---|---|---|
| Critical | 700–1,000 | Remote code execution, historical data tampering |
| High | 500–700 | Node crashes, unauthorized fund transfers |
| Medium | 200–500 | Transaction replay attacks, RPC failures |
| Low | 50–200 | Sensitive data leaks with minimal risk |
| N/A | 0 | Non-exploitable issues |
Rewards are disbursed within 1–2 business days after verification and patching.
Evaluation Criteria
1. Severity
- Critical: Core system breaches (e.g., blockchain forks, unauthorized minting).
- High: Significant node/account disruptions (e.g., private key leaks).
- Medium: Partial system dysfunction (e.g., failed node startups).
- Low: Minor risks without direct financial harm.
2. Exploitation Difficulty
- Low: >80% trigger probability, zero cost.
- Medium: 20–80% probability, moderate conditions.
- High: <20% probability, specialized resources needed.
3. Submission Guidelines
- Provide detailed steps, payloads, and proof of impact.
- Vague reports may delay rewards.
4. Scoring Principles
- Only the first reporter of a unique vulnerability receives the reward.
- Duplicate or publicly known issues are ineligible.
👉 Learn more about OKTC’s security initiatives
FAQ
Q: How are rewards paid out?
A: Rewards are credited to your OKX account post-verification.
Q: Can I disclose reported vulnerabilities?
A: No. Publicizing漏洞细节 violates program rules.
Q: What if my submission lacks details?
A: OKTC will contact you for clarification—ensure submissions include URLs, screenshots, and clear descriptions.
Final Notes
This program underscores OKTC’s commitment to decentralized security. By incentivizing community participation, OKTC aims to fortify its ecosystem against emerging threats.
👉 Explore OKTC’s developer resources
Disclaimer: This content is for informational purposes only and does not constitute financial or legal advice.