
Bug Bounty

Titan DEX – Bug Bounty Program (v1.0)

Last updated: 19 May 2025


1. Program Overview

Titan DEX—built on the TON network—invites security researchers to help protect our smart contracts, web app, and supporting infrastructure. Severity is determined solely by the Titan Security Team, but rewards will never be less than the amounts below.

| Severity | Minimum Reward (USD-equivalent) |
|----------|---------------------------------|
| Critical | $1 500 |
| High     | $1 000 |
| Medium   | $250 |


2. What We Consider In-Scope

Below are illustrative examples. The Security Team reserves final classification.

Examples of Issues Likely to Qualify*, by category:

Critical

  • Irreversible loss of liquidity or user funds (e.g., drain-or-lock without feasible recovery)

  • Bypass of signature / authorization checks

  • Remote execution of arbitrary smart-contract code

High

  • Bugs that temporarily lock or mis-route customer funds but allow full recovery by the team

  • Incorrect fee/accounting logic that could be exploited to misallocate funds, provided recovery is possible

  • Severe oracle or price-calculation errors that could lead to fund mispricing without direct, irreversible theft

Medium

  • Smart-contract logic errors with limited financial impact

  • Exposure of non-critical user data (e-mail, IP)

* The lists are not exhaustive; any vulnerability with material security impact qualifies.


3. Out-of-Scope / No-Reward Examples

  • Informational or best-practice issues

  • Denial-of-Service solely via gas-limit exhaustion or transaction spam

  • Issues already public or previously reported

  • Social-engineering, phishing, or physical attacks on Titan staff or users


4. Responsible Disclosure

  1. Send reports exclusively to Legal@titan.tg.

  2. Include a clear step-by-step proof-of-concept.

  3. Do not publish the vulnerability until Titan confirms remediation.

  4. Avoid privacy violations, data destruction, and service degradation during testing.


5. Reward Determination & Payment

  • Rewards are paid in USDT or another mutually agreed asset on TON.

  • Exceptional findings may receive higher payouts.

  • First valid report of a given issue receives the reward (duplicates ineligible).

  • Reporters must comply with all applicable laws and sanctions.


6. Legal Notes

  • Participation does not create any employment or agency relationship.

  • Titan’s decisions on severity, eligibility, and reward size are final.

  • By submitting, you grant Titan the right to use your report to improve security.


Thank you for helping secure Titan DEX. Questions? Reach us at Legal@titan.tg.
