ethSecure0x



Private Report Submission for White Hats
Contact@ethsec.blog Vulnerability Classification


SSV Network

Subdomains and unsanitized parameters could have allowed scripts to execute, posing significant risks. Thanks to Secure0x and the white hats for identifying this flaw. Keep hunting for bugs on our platform.



Dusk Network

We would like to inform our users about a potential security threat pertaining to a dusk.network subdomain, which would have allowed a malicious actor to take over the sub-domain and deploy a fake website.



Sui Protocol

Currently ranked in the top #10 hackers on the SUI protocol on Hackenproof. We look forward to continuing a fruitful collaboration with Secure0x and appreciate their contributions to our security.



GoGoPool

To mitigate further risk in the future, Sentry is being removed from our frontend site, effective immediately. We thank Secure0x for their responsible disclosure and an appropriate bounty will be paid.



Push Protocol

Reported various vulnerabilities with critical to high impact in web applications. Additionally, Secure0x helped us identify and mitigate issues from spammers, including non-impact clickjacking, SPF record misconfigurations, and self-XSS bug submissions.





White hats secure0xd 150+ projects and received appropriate bounties

Threshold Network, Raydium, Sui Protocol, MakerDAO, StarkNet, 1inch, Cow Protocol, Aave, The Graph, Osmosis, Avalanche, Eden Network, Optimism, DeBank, LayerZero, Orca, DappRadar, zkSync, Arbitrum, Space ID, GoGoPool, HUMAN Protocol, Jupiter, Solana, Zircuit, SparkFi, Sky Money, SSV Labs, Star Atlas, Opsec, Aavegotchi, EclipseFi, Nereus Finance, Cosmos Network, DeltaPrime, SEI, Blast, SyncSwap, ChainGPT, CoreDAO, BottoDAO, PlutusDAO, Dusk Network, Just Network, Uniswap, Cronos, Lido, Flow, dYdX, Polygon, Compound




🚨 Many thanks to @Secure0x for identifying a potential vulnerability in one of our previous projects.

Their detailed report helped us identify the issue and resolve it quickly. We appreciate their support and look forward to future collaborations! #SecurityCheck #secured

— Nereus Finance (@nereusfinance) July 24, 2024

Thanks to @Secure0x for helping to identify a critical vulnerability in the platform. Their well-detailed report helped us act swiftly, and implement necessary fixes. More information on our bug bounty program can be found on our GitHub. 🔐

— HUMAN Protocol 🧬 (@human_protocol) July 31, 2024


Vulnerability Classification is derived from over 500 bug bounty programs





Vulnerability Classification by Secure0x is a well-researched, data-driven framework for categorizing security vulnerabilities. It draws on extensive real-world data from numerous bug bounty initiatives to ensure its accuracy and relevance.


Note: As active contributors to the Web3 ecosystem and participants in leading bug bounty platforms such as HackenProof, Immunefi, Sherlock, and Code4rena, we rely on a standardized vulnerability classification system to evaluate severity levels and determine appropriate payouts. This ensures fairness and transparency while emphasizing the value of researchers' findings.

To further support our commitment to effective vulnerability management, we have compiled the minimum and maximum bounties offered by web3 projects sourced from platforms like Immunefi, HackenProof, and others.

This comprehensive data, based on insights from hundreds of web3 projects with TVL / market cap ranging from $5 million to over $100 million, showcases diverse approaches to vulnerability management and highlights the varying incentives offered to security researchers across the ecosystem.



The average payouts for smart contract vulnerabilities range from $30,000 to $140,000.

For web applications, bounties for low to critical severity issues fall between $500 and $25,000 (depending on the project).



Smart Contracts


Bounties vary at the project's discretion. However, we advocate a fixed bounty of 5% of the value at risk, with the maximum payout capped at $500,000. This ensures researchers are fairly rewarded for uncovering vulnerabilities that pose significant risks.


Web/Apps


Bounties are determined by CVSS scores, user traffic, project popularity, and prevailing market conditions. We assist researchers in presenting exploit demonstrations, detailed impact analysis, and estimates of the total funds at risk.

For CRITICAL findings, we ensure researchers receive up to $30,000, recognizing the immense value their efforts bring to project security.



By adopting this structured approach, we aim to foster a culture of mutual respect and collaboration between projects and security researchers, ensuring both the ecosystem's growth and the fair recognition of researchers' security contributions.