Security

Bug Bounty Program

Help keep Paxeer Network secure by responsibly disclosing vulnerabilities. Reports are handled confidentially and triaged using CVSS.

Report a Vulnerability

Confidential

Private Reporting Channel

Coordinated

Responsible Disclosure

Safe Harbor

No Legal Action for Good-Faith Research

Triage Response Targets

Critical

Actively exploitable issues with potential for fund loss or systemic impact.

ACK in 48 hours
High

Serious vulnerabilities with meaningful security impact but limited blast radius.

ACK in 96 hours
Medium

Issues that degrade protocol safety or availability without immediate critical impact.

ACK in 96 hours
Low

Low-impact issues or informational findings with demonstrable relevance.

ACK in 96 hours

In Scope

  • Paxeer Core Protocol Smart Contracts
  • Paxeer Bridge Contracts
  • Paxeer Staking Contracts
  • Paxeer Governance Contracts
  • Official Paxeer Frontend Applications

Out of Scope

  • Third-party applications built on Paxeer
  • Issues already reported or known
  • Attacks requiring access to privileged keys
  • Social engineering attacks
  • Denial of service attacks

How to Report

  1. 1

    Discover a Vulnerability

    Find a security issue in our in-scope assets.

  2. 2

    Document the Issue

    Create a detailed report with steps to reproduce.

  3. 3

    Submit Privately

    Email security@paxeer.app with your findings.

  4. 4

    Coordinate Disclosure

    We’ll work with you to verify impact, ship a fix, and disclose details responsibly once users are protected.