Singapore, 21st January 2022 — The Nakji Foundation (‘Nakji’) is launching a 200K USD Bug Bounty program for developers and security researchers to help discover vulnerabilities and prevent security problems in the Nakji ecosystem. Nakji Network is excited to work together with Uppsala Security, who has built the first blockchain based crowdsourced Threat Intelligence platform.
The 200K USD Bug Bounty Program Overview
The Nakji Foundation is funding its first Bug Bounty program with up to $200,000 USD in rewards for vulnerabilities related to Nakji connectors, smart contracts, and websites. The primary scope of the program includes:Loss of FundsFrozen FundsIncorrect PayoutRemote Code ExecutionStolen Private DataVulnerable DependenciesDegraded or Disabled FunctionalityDegraded or Disabled PerformanceMismatched Output
Bounty Program Rewards
Bounties rewards are determined based on the severity of the bug and impact of its potential damage. This is based on the Common Vulnerability Scoring System that will be approved by Uppsala Security.
Severity Level, Rewards, and Examples:Critical (up to $100,000 USD): Loss of funds, incorrect payout, remote code executionHigh ($10,000 USD): Private information being stolen, smart contract or connector functionality being disruptedMedium ($1,000 USD): Connector performance degradationLow ($500 USD) Mismatched outputNone: ($0 USD)
Determination of rewards are at the discretion of the Nakji Foundation, Uppsala Security and all applicable laws. We take into consideration all variables in determining the severity and the reward amount. Participants are responsible for all taxes for the rewards.
Submit a Bug
To submit a report, please send an email at firstname.lastname@example.org with the following formatted sections along with any Proof of Concept (PoC).SummarySteps to ReproduceSupporting Material and References
In addition, participants will also need to be registered through The Nakji Foundation’s KYC platform at https://kyc.nakji.network/ and sign the participation agreement.
After submission, the Nakji Foundation and Uppsala Security team will assess and verify the eligible reports as fast as possible to receive a reward. Additional rewards are possible if the report includes a security fix.
Rules and Disclosure
Participants must follow the following rules in order to receive rewards:Testing should be possibleParticipants must not disclose vulnerabilities before The Nakji Security Team has verified and fixed the issuesParticipants must not have exploited the bug, nor harm anyone in the processIn the event of multiple persons reporting the same vulnerability, only the first person to report the vulnerability will be given the rewardLimit of one submission per vulnerabilityAttacks on Nakji Foundation, its employees, and/or other ecosystem participants are not permitted (this also applies to denial of service, social engineering, phishing attacks, etc.)
Bug Bounty Scope
Listed below are the assets and associated vulnerabilities within the scope of this program. Out of scope vulnerabilities will not be eligible for rewards.
Assets in ScopeConnectorsBlockchain & Smart ContractWebsite & Application
Vulnerabilities in ScopeLoss of FundsFrozen FundsIncorrect PayoutRemote Code ExecutionStolen Private DataVulnerable DependenciesDegraded or Disabled FunctionalityDegraded or Disabled PerformanceMismatched Output (does not apply to 3rd-party connectors)
About Nakji Network
Nakji Network offers the relay of information from any traditional blockchains to any off-chain that can receive on-chain data. It does this with industry-setting speed, outpacing competitors while providing an added layer of security to ensure the safety and accuracy of the data being transferred.
The Nakji Foundation oversees the Nakji Network.
About Uppsala Security
Uppsala Security built Sentinel Protocol, the first crowdsourced Threat Intelligence Platform powered by artificial intelligence, blockchain technology, and machine learning. Supporting the framework is a team of experienced cyber security professionals who have developed an award-winning suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards. Today Uppsala Security has over two thousand (2K+) users including government agencies, financial institutions and leading enterprises providing crypto exchanges, payment services, wallets, custodial services, gaming, and FinTech solutions.
Uppsala Security is headquartered in Singapore, and has branch offices in Seoul, South Korea and Tokyo, Japan.