Bug Bounty


Security is Arche's top priority. The Arche team has created a secure and reliable protocol and deployed it on the Ethereum mainnet after review and audit by a professional organization. All smart contract code is publicly verifiable, and we will provide bug incentives for undiscovered vulnerabilities.
We encourage users to pay attention to risks and to use only funds that can withstand losses. The forward contract is a relatively complex tool for ordinary users, but when properly understood and used, Arche is a powerful hedging tool that helps users hedge risks. At the same time, smart contracts are still an innovative, experimental technology. We remind our users to remain optimistic about Arche while being cautious with their own funds.

BUG Incentives program

Security is Arche's top priority. Although Arche's smart contracts have been rigorously tested and audited, there may still be undiscovered vulnerabilities in this new technology. We value community input and encourage the community to help us discover and fix bugs, and to disclose bugs after they are fixed.


This program is limited to bugs that affect the Arche protocol. Submitted bugs should be sent to [email protected]
The following types of bugs are excluded from this program:
  • Bugs caused by calling the Arche protocol incorrectly.
  • Any bug in a third-party protocol or platform that interacts with the Arche protocol.
  • Bugs caused by the following situations:
    • Front-end bugs
    • DDoS attacks
    • Spam
  • Vulnerabilities related to non-standard or arbitrary ERC20, BEP20, or HER20 tokens may be excluded from this program, because such tokens could be written with many bugs in order to apply for bug incentives.
  • Bugs that have been used in any way, including being made public or used to gain profit (other than through bug incentives).
  • Duplicate bugs: only the first discoverer can be rewarded (and must meet the disclosure requirements).
  • Bugs that have already been considered as part of a formal audit or have been marked as an issue on the repurchase agreement.


The severity of a bug is scored according to the Common Vulnerability Scoring System (CVSS), and rewards are issued based on the score. The reward distribution rules are as follows:
Major BUG (9.0-10.0): Up to US$100,000
Serious BUG (7.0-8.9): Up to US$40,000
Intermediate BUG (4.0-6.9): Up to US$5,000
Low-level BUG (0.1-3.9): Up to US$1,000
In addition to severity, the reward also takes into account how difficult the bug was to find.
If a bug is discovered before Arche is deployed to the Ethereum, Binance Smart Chain, and Huobi Chain mainnets, a 20% bug incentive will be awarded. This helps secure Arche before it goes live.


After discovering any bug or error, you must immediately disclose it to, and only to, this email address: [email protected]. Do not disclose it publicly, and do not disclose it to any individual, entity, or email address before disclosing it to [email protected]. It must not be disclosed in any other way. Your disclosure must also provide the following information about the bug or error:
· Conditions required to reproduce the bug or error.
· Steps required to reproduce the bug or error.
· The potential impact and risk of the bug or error being abused.
For anyone who is the first to discover a bug or error that results in code and configuration changes, and who keeps it confidential until our engineers fix it, we will make the contribution public after approving it.

Other conditions

The distribution of all rewards, including whether rewards are distributed, how much is distributed, and the method of distribution, is determined solely by Arche.
The terms and conditions of the BUG incentives program can be changed at any time without notice.