Bug Bounty
We highly value your participation in our bug bounty program, as it plays a vital role in strengthening our security measures. Your dedication to identifying and addressing potential vulnerabilities in our systems is greatly appreciated.
Outlined below are the scope and guidelines for our bug bounty program, which covers our mobile application, browser extension and web services.
Our assets are divided into two categories: Arbtrade client-side applications and Arbtrade infrastructure and services.
arbtrade.app
arbtarde.com
arbtarde.dev
Any asset confirmed to be owned by Arbtrade
The following types are of particular interest to our security team:
Vulnerabilities with the potential to steal user funds
Vulnerabilities associated with the leakage of confidential information
Access to Arbtrade pipelines, processes or build environments
Rewards
Critical ($12,500 → $20,000)
Examples - Wallet
XSS (within the context of the Wallet)
Origin Spoofing (affecting transaction simulation)
Examples - Server-Side
Remote Code Execution (within Arbtrade infrastructure)
SQL Injection (with access to PII)
High ($5,000 → $12,500)
Examples - Wallet
PII/Sensitive Data Leakage to Third Parties
Examples - Server-Side
SQL Injection (no PII access - only public data and no escalation path)
Medium ($1,500 → $5,000)
Examples - Wallet
From
Examples - Server-Side
Reflected XSS
Low-Impact IDORs
Low ($50 → $1,500)
Examples - Wallet
User interface issues that impact security, such as mislabeled security or privacy features
Examples - Server-Side
Hosting malicious JavaScript on a non-essential subdomain (e.g., via XSS or subdomain takeover)
Exceptional Circumstances
Arbtrade is offering a $50,000 bounty for vulnerabilities that demonstrate:
Remote extraction of a user’s private key without user interaction, or
Ability to inject malicious code into the build process without being detected
Note: The final determination of whether a vulnerability meets the exceptional criteria is at the sole discretion of the Arbtrade security team.