dKargo Warehouse Testnet Bug Bounty Program

dKargo is launching a Bug Bounty Program alongside the Warehouse testnet to enhance the reliability and security of the Web3 logistics ecosystem.

We invite our users and community to actively participate in identifying bugs and vulnerabilities. Your reports will help us build a more secure and stable mainnet — and you’ll be rewarded for your contributions!

🐞 How to Participate

The Bug Bounty Program rewards participants for reporting technical vulnerabilities found during testnet usage. Rewards vary based on the severity of each bug.

Refer to the guidelines below and join the mission to improve dKargo.

📌 Severity Levels & Reward Structure

Bug reports will be categorized based on their potential impact on the dKargo mainnet, with rewards distributed as follows:

📌 Bug Severity Levels & Reward Structure

dKargo’s Bug Bounty Program classifies reports into four severity levels based on their potential impact on the mainnet. Rewards are granted accordingly as follows:

🔥 Critical: Vulnerabilities that can disable or exploit core functions, including network shutdowns, asset theft, or other severe security threats. These are eligible for rewards of up to $2,000.⚠️ High: Issues that can directly affect key service operations, such as data manipulation, API vulnerabilities, or potential abuse of the Faucet system. Reports in this category are rewarded with $700.🛠️ Medium: Bugs that negatively impact specific features or user experience, including node execution errors or transaction failures (e.g., deposit/withdrawal issues). These reports are eligible for $200.✅ Low: Minor issues that do not affect system security, such as UI/UX bugs, typos, or visual inconsistencies. These are rewarded with $25.

💡 All rewards will be provided in the equivalent value of DKA tokens.

📍 Eligible Bug Report Criteria

Reports must meet the following conditions to be considered valid:

Pose a genuine security threat or potential for abuse in a real-world environmentMust be reproducible, with detailed steps providedDemonstrate a security concern based on realistic scenariosAffect the latest version of relevant documentation or software

❌ Ineligible Reports

The following types of reports will not qualify for a reward:

Attacks requiring physical access, basic DDoS attempts, or resource exhaustionIncomplete reports with insufficient steps or evidenceBugs occurring only on outdated browsers, or duplicate reportsTheoretical vulnerabilities or general security suggestionsSystem failures caused by factors beyond the developers’ control (e.g., network outages)

📩 How to Submit a Bug

While there is no fixed template, all reports must include the following:

Bug Title: A brief summary of the issueDescription: Detailed explanation and potential impactReproduction Steps: Step-by-step guide with environment detailsImpact Assessment: Description of how the bug affects the systemSeverity Level: Select one — Critical / High / Medium / LowEvidence: Screenshots, videos, or any proof to support your report

Submit your report including all of the above via email to:

📬 Email: hello@dkargo.io

🚀 Get Started

Your participation and expertise are key to the success of the dKargo Warehouse Testnet Bug Bounty Program. Let’s work together to build a safer and more resilient dKargo ecosystem.