Welcome to the Polkamarkets V2 Documentation!

Responsible Disclosure

We are thankful for the proactivity and the responsible approach of most researchers.
We encourage all researchers to report any vulnerability that they find, be it on the smart contracts, the web application or APIs, whatever their severity, to the Polkamarkets Labs team, by following the process described below, which is based on dioterms.


We require that all researchers:
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, destruction of data and/or misappropriate user funds during security testing;
  • Perform research limited to the scope described above in the Bug Bounties section;
  • Use the identified communication channels to report vulnerability information to us;
  • Keep information about any vulnerabilities youโ€™ve discovered confidential between yourself and Polkamarkets Labs until weโ€™ve had 90 days to resolve the issue, or until we agree on public disclosure (whichever comes first); and
  • Do not engage in extortion.


If you adhere by our requirements when reporting an issue to us, Polkamarkets Labs commits to:
  • Working with you to understand and resolve the issue quickly (including an initial acknowledgement of your report within 72 hours of submission);
  • Not pursuing or supporting any legal action related to your research;

Communication channel

Please report any vulnerabilities via email to security@polkamarkets.com.