Paradex launches bug bounty program with up to $500K in rewards

Paradex launches bug bounty program with up to $500K in rewards

The perpetual futures exchange is offering ethical hackers up to 500,000 USDC through Sherlock, a significant upgrade from its previous $45K program on Immunefi.

Paradex, the decentralized perpetual futures exchange built on Starknet’s first appchain, has gone live with a new bug bounty program on Sherlock, offering security researchers up to $500,000 USDC for uncovering critical vulnerabilities in its protocol. The program launched on June 8, 2026, and is actively accepting submissions.

For context on how seriously Paradex is taking this: its previous bounty program, which ran on Immunefi through mid-2025, had a total reward pool of $45,000. The new ceiling is more than ten times that figure.

Advertisement

How the payout structure works

The program uses a tiered reward model. Critical vulnerabilities, defined as anything that could enable direct theft of $100K or more in user funds or cause protocol insolvency, are eligible for the maximum $500K USDC payout. Researchers earn 10% of the funds at risk, with a floor of $25,000 for any qualifying critical finding.

The program explicitly excludes oracle-related vulnerabilities, issues already flagged in prior audits, bugs in third-party dependencies, and findings that overlap with other active bounty programs.

What Paradex actually is

Paradex describes itself as a self-custodial trading platform designed to combine the speed and efficiency of a centralized exchange with the transparency that comes from settling on a public blockchain. It launched publicly around 2023 and runs on Starknet’s appchain infrastructure, which gives it a dedicated execution environment separate from Starknet’s main network.

Perpetual futures are the product. These are derivative contracts that let traders take leveraged long or short positions on crypto assets without an expiry date, and they are consistently among the highest-volume products in decentralized finance.

The jump from a $45,000 Immunefi pool to a $500,000 Sherlock program reflects a maturing approach to security economics. Bug bounties work on incentive theory: the reward has to exceed what an attacker could reasonably earn by exploiting the vulnerability and selling stolen funds. At $45K, that calculus was increasingly unfavorable. At $500K, serious security researchers have genuine financial motivation to find and disclose problems rather than exploit them.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

Paradex launches bug bounty program with up to $500K in rewards

Paradex launches bug bounty program with up to $500K in rewards

The perpetual futures exchange is offering ethical hackers up to 500,000 USDC through Sherlock, a significant upgrade from its previous $45K program on Immunefi.

Paradex, the decentralized perpetual futures exchange built on Starknet’s first appchain, has gone live with a new bug bounty program on Sherlock, offering security researchers up to $500,000 USDC for uncovering critical vulnerabilities in its protocol. The program launched on June 8, 2026, and is actively accepting submissions.

For context on how seriously Paradex is taking this: its previous bounty program, which ran on Immunefi through mid-2025, had a total reward pool of $45,000. The new ceiling is more than ten times that figure.

Advertisement

How the payout structure works

The program uses a tiered reward model. Critical vulnerabilities, defined as anything that could enable direct theft of $100K or more in user funds or cause protocol insolvency, are eligible for the maximum $500K USDC payout. Researchers earn 10% of the funds at risk, with a floor of $25,000 for any qualifying critical finding.

The program explicitly excludes oracle-related vulnerabilities, issues already flagged in prior audits, bugs in third-party dependencies, and findings that overlap with other active bounty programs.

What Paradex actually is

Paradex describes itself as a self-custodial trading platform designed to combine the speed and efficiency of a centralized exchange with the transparency that comes from settling on a public blockchain. It launched publicly around 2023 and runs on Starknet’s appchain infrastructure, which gives it a dedicated execution environment separate from Starknet’s main network.

Perpetual futures are the product. These are derivative contracts that let traders take leveraged long or short positions on crypto assets without an expiry date, and they are consistently among the highest-volume products in decentralized finance.

The jump from a $45,000 Immunefi pool to a $500,000 Sherlock program reflects a maturing approach to security economics. Bug bounties work on incentive theory: the reward has to exceed what an attacker could reasonably earn by exploiting the vulnerability and selling stolen funds. At $45K, that calculus was increasingly unfavorable. At $500K, serious security researchers have genuine financial motivation to find and disclose problems rather than exploit them.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.