MDEX Bug Bounty Campaign

Overview

Since its listing on January 6 2021, MDEX has been in smooth and stable operation. With the gradual improvement of MDEX’s functions, it can now support not only HECO, but also BSC and ETH. In future, MDEX will include more fundamental assets in our ecology.

To foster the sound growth of MDEX ecology and protect asset security, MDEX is now launching a bug bounty campaign. We hope that through this event, more professionals in the security research will participate in constructing a safe MDEX ecology, and defend the asset and transaction security of MDEX users in conjoint with us .

Scope of application

This Campaign only applies to the bugs in the following MDEX contracts

MDEX Core contracts

• MdxToken (heco)
• MdxToken (bsc)
• Mdx HecoPool (heco)
• Mdx BSCPool (bsc)
• Mdx SwapMining（heco）
• Mdx SwapMining （bsc）
• MDEX External Contracts
• Repurchase (heco)
• Repurchase (bsc)
• Burning (bsc)

The following situations are out of the scope of this Bug Bounty Campaign:

Bugs in any third-party contracts or platforms interacting with MDEX;

Bugs that have already been reported or discovered in third parties’ contracts built on MDEX;

Bugs caused by the following activities: front-end errors, DDOS attacks, automated tools, damage or abuse of third-party systems or services.

Reward Plan

The severity of those bugs will be calculated using the Common Vulnerability Scoring System.

(CVSS):

In addition to severity, rewards will also be weighed against the impact of bugs found and the difficulty level of finding them.

Review and reward timeline

For valid bug reports that have passed the preliminary review, we will reply by email within 15 days;

And for valid bug reports, we will determine the vulnerability rating and offer corresponding rewards within 15 days after replying to the email;

All rewards will be issued in the form of MDX tokens.

Credible audit institutions CertiK and Fairyproof will evaluate the valid bug reports submitted.

How to submit your report

Any bugs or defects found must only be reported to the following email: developer@mdex.com；

Prior to the disclosure to the above e-mail, no disclosure to any other person, entity or e-mail address is allowed.

Please include as much bug-related information as possible, including but not limited to:

The definite conditions for recurrence of the bug.

The steps needed to reproduce the bug.

The potential impact if the bug is exploited.

Detailed bug reports and analysis will not only increase the possibility of getting rewards but also the possibility of getting higher rewards.

Terms and Conditions

To earn the rewards, you must:

Discover a never-reported and never-published bug or bugs, which could lead to the possible loss or lock-up of assets on MDEX (but not on any third-party platform that interacts with MDEX) and is within the scope of this Campaign.

The bugs should be firstly and only disclosed to MDEX.

Provide enough details to enable our engineers to fix the bugs.

Do not engage yourself in any illegal practices (e.g., blackmailing, threatening, etc) when reporting bugs to MDEX.

Do not exploit the bugs in any way, including disclosing to the public or making profit (except for earning rewards from this Campaign).

Act in good faith and do not perform any privacy invasion, data damage, interruption or degradation of MDEX service.

Only one bug should be submitted each time, unless you need to link the bug to other ones to showcae the impact.

Bugs caused by the same (potential) issues that have been submitted under this campaign will not be accepted

Participants should not be our current or former employees or suppliers, nor employees of any of these suppliers.

Satisfy all eligibility requirements of the Campaign.

Security Consultant

We are very honored to have CertiK and Fairyproof audit firms as the security consultant for MDEX’s Bug Bounty Campaign! It will provide professional advice and guidance!

All bug reports reviewed by MDEX will be double reviewed by the security consultant.

Other terms

All reward decisions, including the eligibility, amount of award and the method of payment, are up to the discretion of MDEX team.

The terms and conditions of this Campaign may change as per realities realities from time to time.