Bug Bounty Program
Help us secure NELEX and earn rewards.
Program Overview
At NELEX, security is our top priority. We believe in the power of the community to help us identify and fix potential vulnerabilities. That's why we encourage security researchers to responsibly disclose any issues they find in our platform.
Safe Harbor: If you conduct your research and reporting in accordance with this policy, we will not initiate legal action against you.
Submit a Report
Use the form below to submit your finding directly to our security team. Please provide detailed steps to reproduce.
💡 Note: Your email ID is used to identify the reporter of the bug. Submitting your email ID will not add you as a user or give you access to portal data.
Reward Tiers
We reward reports based on the severity and impact of the vulnerability. Rewards are paid in USDT or NELEX tokens (vested).
| Severity | Example | Reward Range |
|---|---|---|
| Critical | RCE, Fund Drain, Auth Bypass | $5,000 – $25,000 |
| High | IDOR, Privilege Escalation | $1,000 – $5,000 |
| Medium | Stored XSS, Sensitive Data Leak | $300 – $1,000 |
| Low | Reflected XSS, Info Leak | $50 – $300 |
Scope & Rules
Please review the following guidelines to understand which assets are eligible for rewards and which are excluded from the program.
In Scope
NELEX Website: nelx.io
Browser Extensions: Chrome & Firefox extensions
Smart Contracts: Addresses listed in docs
Out of Scope
DDoS Attacks: Network stress testing
Social Engineering: Phishing, vishing, smishing
Third-party Services: CRM, Analytics, etc.
UI/UX Issues: No direct security impact