GMX
Decentralized perpetual exchange with low swap fees and zero price impact trades
ARBBaseDeFi TradingPoC RequiredTriaged
Verified ProgramKYC Not RequiredPoC RequiredTriaged
Max Bounty$5,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains2
Live SinceOct 2021
2 Audit Reports Available
01Severity & Rewards
02Program Rules
- 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02KYC is not required for this program. Pseudonymous submissions are accepted.
- 03Submissions are triaged by the security team. Expect initial response within 48 hours of submission.
- 04Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 05Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 06Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 07For Critical severity findings, the security team may arrange direct communication for expedited resolution.
โ IN SCOPE
- โGMX V2 Synthetics contracts
- โMarket and position management
- โOracle and pricing logic
- โDeposit and withdrawal handlers
CRITICAL FUNCTIONS
executeDeposit()executeWithdrawal()executeOrder()HIGH FUNCTIONS
liquidatePosition()setPrices()createOrder()โ OUT OF SCOPE
- โFrontend interface
- โOff-chain keeper bots
- โGMX V1 legacy contracts
โ Protocol Information
Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.