AI Trading · Quantitative Analysis

AIQuant aiquant.tools

AIQuant at https://aiquant.tools/ operates as an AI-powered crypto trading & quantitative analysis platform: algorithmic trading bots, machine learning signal generators, exchange API integrations, backtesting engines, portfolio optimization, and admin dashboards — the entire AIQuant-operated perimeter is in-scope. Each critical with reproducible chain pays $5,000 USD. Mandatory kill chain + working exploit. No fund theft against unrelated parties, laundering, or harassment — defensive coordinated research only.

$5,000 per critical
Chain + PoC kill chain · attack succeeds
01 — Overview

AI trading bots & quant analysis surfaces under stress

AIQuant concentrates algorithmic trading bots, ML-driven signal generation, exchange API key management, backtesting infrastructure, and real-time portfolio optimization — fertile ground for API key theft, model manipulation, unauthorized trade execution, and cross-account data leaks. This playbook rewards only highest-impact, fully demonstrated criticals — each earns $5,000.

AIQuant's AI models make trading decisions based on market data and user configurations. Compromising the model training pipeline, signal distribution, or trade execution engine can cascade into large-scale fund movement across connected exchanges. In scope materially: every host under aiquant.tools, subdomains, AI/ML backend services, bot engine APIs, websocket data feeds, admin panels, database surfaces, and user API key storage. Civil exclusions only: fund theft against unrelated third parties, laundering, harassment — society-level bans, not endpoint lists.
Always keep sandbox mirrors humane: prove impact on isolated test accounts when possible.

Minimum evidence bar — non-negotiable:
1️⃣ Kill chain from root cause → exploit steps → measurable loss or integrity break  2️⃣ Proof the attack succeeds (replayed APIs showing unauthorized trade execution, database exfiltration, admin boundary cross). Narratives without replayable exploits stall below payout threshold.
02 — Why this matters

Why pressure-test AIQuant?

Flat $5K critical payouts

Validated critical exploits with reproducible payloads earn exactly $5,000 USD — no spreadsheet bingo.

AI model & signal manipulation

Compromising AIQuant's ML pipeline or signal distribution can cause automated bots to execute malicious trades — a novel attack surface beyond traditional web flaws.

Admin & infrastructure access

Database compromise or admin panel access on aiquant.tools can expose user API keys, ML model parameters, and trading configurations — enabling fund theft at scale.

03 — Critical reward

$5,000 per demonstrated critical

$5,000 USD
Critical

A critical finding is one that leads to database compromise, admin account or console access, drainage of user funds (via stolen API keys, trade execution without consent, or model/signal manipulation), or any vulnerability enabling fund theft from the platform or its users.

  • SQL injection, NoSQL injection, or any DB access path that exfiltrates credentials, API keys, or user data
  • Authentication bypass granting admin-level access to the aiquant.tools control panel
  • Server-side request forgery (SSRF) exposing internal infrastructure, secrets, or database endpoints
  • Remote code execution (RCE) on aiquant.tools servers
  • IDOR or privilege escalation allowing access to other users' API keys, bot configurations, or trading history
  • Model poisoning or signal injection that causes automated fund drainage
04 — What's in scope

Scope & targets

Target Type Reward
aiquant.tools, subdomains, web UI, dashboard Web $5,000 / validated bug
AI/ML backend · signal generation · trading bot engine Backend $5,000 / validated bug
Exchange API key storage · trade execution engine Custody $5,000 / validated bug
Admin panels · user management · support rails Ops $5,000 / validated bug
User databases · backtesting data · ML model storage Data $5,000 / validated bug
05 — Full-scope policy

If AIQuant operates it, it's in scope

Signal generation workers, bot execution daemons, ML model training infrastructure, monitoring dashboards, staging shards on aiquant.tools — all eligible when critical impact reproduces.

  • Vanity domains CNAME'd into AIQuant edge — show DNS/traffic proof in your write-up.
  • AI model API endpoints that serve trading signals to bots
  • Colocated automation containers AIQuant operates
  • Staging or dev shards on aiquant.tools that mirror production
Legal floor (not bounty shrink): fund theft from unrelated third parties, laundering, indiscriminate draining of connected exchanges, harassment — always off-limits even if endpoints tempt you.
06 — Rules

Rules of engagement

  1. Prove exploitation success. Provide scripts, HARs, parallel request captures, or signing traces showing fund/state impact — not paper analysis alone.
  2. Number your hops. Session/API primitive → escalation → treasury or book integrity break.
  3. Minimize real-user blast radius. Prefer test accounts, low-value targets, and reversible payloads when demonstrating theft-class bugs.
  4. Private coordination first. Use official intake on aiquant.tools before public threads.
  5. Duplicate fairness. First qualifying PoC wins; followers close acknowledged-only.
07 — Submit

How to submit a report

Use the security / vulnerability disclosure contact published on https://aiquant.tools/ (security@aiquant.tools is a common guess — verify on the live site before emailing). Attach a clear kill-chain narrative along with replayable proof.

Unverifiable reports or those lacking demonstration of actual impact will be closed without reward.

Before submitting: verify the disclosure channel on the live aiquant.tools site. The bounty program page links to editorial guidance — always cross-reference against the platform's actual contact method.
08 — Example Report

What a critical submission looks like

Example only. This is an illustrative code snippet of a vulnerability class relevant to this platform. Actual findings must be demonstrated on the live target.
python 
# BUGGY: API key endpoint returns full key in response without authorization check
@app.route('/api/v1/user/apikeys')
def get_api_keys():
    user_id = request.args.get('user_id')
    # No ownership check — returns keys for any user_id
    keys = db.query("SELECT * FROM api_keys WHERE user_id = ?", (user_id,))
    return jsonify(keys)

A real submission would pair this with captured HTTP requests showing API key exfiltration for arbitrary users on aiquant.tools, then demonstrate using those keys to execute unauthorized trades on connected exchanges.

09 — FAQ

Frequently asked questions

What qualifies as a critical on AIQuant?

Any vulnerability that leads to database access, admin account takeover, unauthorized trade execution using other users' API keys, fund theft from the platform or its users, compromise of ML model infrastructure — all pay $5,000 with a valid kill chain.

Are AIQuant staging/dev environments in scope?

Yes — any aiquant.tools subdomain or sibling host used for development, staging, or QA is in scope if the critical impact can be demonstrated.

Does the $5,000 cover all severities?

No. Only critical findings that meet the full evidence bar pay the flat $5,000. Lower-severity issues (XSS without impact chain, informational disclosures) may be acknowledged but do not qualify for the reward.

Can I test AI model manipulation?

Yes — model poisoning, signal injection, or adversarial input attacks against AIQuant's ML pipeline are in scope when they demonstrably lead to fund movement or unauthorized trading. Prove the exploit chain end-to-end.

How is the reward paid?

BountyHunter Editorial coordinates the validated submission with the platform. Payment is in USD via the method agreed during validation. Expect 30-60 days for processing after confirmation.