Back to Home
Bug Bounty Program
Help us keep LumeSwap secure. We reward security researchers who responsibly disclose vulnerabilities in our platform.
$50K+
Total Paid Out
24h
Avg. Response Time
45+
Issues Resolved
Reward Levels
Critical$5,000 - $15,000
- •Remote code execution
- •Smart contract fund theft
- •Private key exposure
- •Complete authentication bypass
High$1,000 - $5,000
- •Significant fund loss risk
- •Privilege escalation
- •Sensitive data exposure
- •Critical business logic flaws
Medium$250 - $1,000
- •Limited data exposure
- •Session management issues
- •Cross-site scripting (XSS)
- •CSRF vulnerabilities
Low$50 - $250
- •Information disclosure
- •Minor security misconfigurations
- •Best practice violations
- •Low-impact bugs
In Scope
- LumeSwap web application (lumeswap.io)
- Swap smart contracts
- Copy trading system
- Authentication & authorization
- API endpoints
- Wallet integrations
Out of Scope
- Third-party services (Solana, Jupiter, etc.)
- Social engineering attacks
- Physical attacks
- Denial of Service (DoS/DDoS)
- Spam or rate limiting issues
- Issues requiring physical access
Program Rules
1Do not access or modify other users' data
2Do not perform actions that could harm users
3Do not publicly disclose vulnerabilities before fix
4Provide detailed reproduction steps
5One vulnerability per report
6First reporter of a valid issue receives the reward
How to Report
Send your vulnerability report to our security team. Include detailed reproduction steps, impact assessment, and any proof-of-concept code.
Safe Harbor
We will not pursue legal action against researchers who follow our responsible disclosure guidelines. Your security research helps protect our users.