Decentralized exchange DEx.top recently announced it joined forces with the world’s largest ethical hacker community, HackerOne, to launch the HackerOne Challenge bug bounty program. The program leverages on HackerOne’s network of security experts to search and provide solutions for vulnerabilities in DEx.top’s code; in turn, helping to secure DEx.top.
During June 1st through June 16th of last month, security experts from Hackerone’s 100,000-strong white hat hacker community were invited to subject DEx.top’s site to extensive penetration tests (used by security experts to identify security vulnerabilities and their potential impact).
At the conclusion of the HackerOne Challenge, three hackers found a total of five vulnerabilities (one high-risk, one medium-risk and three low-risk). All five vulnerabilities were patched within two days of the release of the pen test results.
Founded in 2012 by a group of hackers and security leaders passionate about making the Internet safer, HackerOne is now the largest bug bounty and vulnerability coordination platform in the market. The platform provides best-in-class workflows that allow companies to define disclosure policies, then work directly with ethical hackers to resolve security vulnerabilities before they can be criminally exploited. To date, the company boasts Internet industry leaders such as Facebook, Twitter, Uber, Yahoo and Adobe, top-tier blockchain companies such as Coinbase and Rootstock, and multiple government departments as part of their clientele. DEx.top has also moved to work together with HackerOne. With our shared respect for open-source technology, we were able to very quickly and smoothly partner on the HackerOne Challenge.
The DEx.top team said:
“Security is and has always been a priority for the DEx.top team. The HackerOne Challenge has been a fruitful exercise, allowing us to leverage the combined efforts of many third-party security experts to test our platform and verify its security.”
From a technical perspective, the DEx.top trading platform employs several methods to ensure the security of user assets:
- Trader’s assets are held by smart contracts; at no point in time does DEx.top perform any custodial function.
- Trades are completely peer-to-peer. Each order must be signed with the trader’s private key and is verified by smart contracts after successful matching. The platform does not collect or store any private keys.
- In the event of attacks on the DEx.top off-chain ledger, the platform will temporarily halt all trading activity to prevent hackers from transferring any assets or placing any orders. In extreme cases, our smart contract’s “Release Function” will be triggered. This shuts down DEx.top’s on-chain ledger and returns all assets to their users.
Before going live, the DEx.top platform has passed multiple rounds of rigorous testing and code audits. If any security vulnerabilities are discovered by smart contract experts, they are obligated to provide a patch as soon as possible and prevent adverse consequences for users. Hence, the recent allowAnyone bug identified in multiple ERC20 smart contracts did not appear on the DEx.top platform.
Moving forward, DEx.top will continue to invest resources on blockchain and smart contract security, as well as partner with security companies such as HackerOne to make security our top priority so that users can be assured of the security, transparency, and reliability of the trading environment and the safety of their assets.