Dexlyn Bug Bounty Program

Security is a top priority at Dexlyn. We recognize the importance of independent security researchers in identifying potential vulnerabilities that could impact our platform and Identity Services. To encourage responsible disclosure, we invite security researchers and ethical hackers to participate in our Bug Bounty Program and help us strengthen our platform.

Submit a Bug
Bottom Left CubeBottom Right OrbMid Right CubeBottom Left Small

How to Report a Vulnerability

If you believe you have found a security vulnerability or bug in Dexlyn’s Identity Services or core platform, please report it to us by emailing [email protected] with the following details:

A clear and detailed description of the vulnerability

A proof-of-concept (PoC) demonstrating exploitation

The potential impact of the vulnerability

Steps to reproduce the issue

Our Security Team will review all valid reports, verify the issue, and respond promptly with confirmation or additional information requests.

What We Review

Every submission is reviewed by our Security Team. However, some reports may not qualify. We only consider vulnerabilities that:

Include manual validation (reports based solely on automated scanners will not be accepted).
Have a valid proof-of-concept (PoC) demonstrating a real exploit scenario.
Present realistic attack vectors (issues requiring excessive user interaction may be rejected).

Excluded Vulnerabilities

The following vulnerability classes are not eligible for our Bug Bounty Program:

Lack of security headers
Lack of cookie attributes
Social engineering (e.g., phishing, self-XSS)
Distributed Denial-of-Service (DDoS) attacks
Email spoofing
Username/email enumeration (e.g., via login page or password reset forms)
Banner, version, or internal IP information disclosure
Physical security vulnerabilities

Program Scope

The Bug Bounty Program focuses on the following components of Dexlyn:

Smart Contracts & Protocol

Vulnerabilities in smart contracts that could result in loss of funds, unintended access, or contract exploitation.

Web Applications

Frontend and backend vulnerabilities that could compromise user data, authentication, or trading functionalities.

Dexlyn Identity Services

Security flaws in Supra Name Service (SNS) or other identity-related features.

APIs & Infrastructure

Misconfigurations or vulnerabilities affecting API endpoints and the overall system security.

Rewards & Recognition

We appreciate the efforts of security researchers and ethical hackers. Qualifying reports will be rewarded based on severity and impact, following industry best practices. High-severity bugs that pose critical risks will receive the highest rewards.

Responsible Disclosure Policy

To be eligible for rewards, security researchers must adhere to the following responsible disclosure guidelines:

Do not publicly disclose or exploit the vulnerability before Dexlyn has had a reasonable time to address the issue.
Do not use findings to compromise user data or conduct attacks on the network.
Report the issue directly to [email protected] and wait for our response.

Join the Bug Bounty Program

If you are a security researcher or ethical hacker, we encourage you to participate in Dexlyn’s Bug Bounty Program and contribute to the security of decentralized finance. Your efforts help us maintain a secure and reliable decentralized trading experience for all users.

For additional inquiries, please reach out to [email protected].

© 2025 Dexlyn. All Rights Reserved.
Terms of usePrivacy Policy