Nakji Network’s 200K Bug Bounty Program


The Nakji Foundation

January 20, 2022

The Nakji Foundation (‘Nakji’) is launching a 200K Bug Bounty program for developers and security researchers to help discover vulnerabilities and prevent security problems in the Nakji ecosystem. Nakji is excited to work together with Uppsala Security, which has built the first crowdsourced blockchain Threat Intelligence platform.

About Nakji Network

Nakji Network relays information from any traditional blockchain to any off-chain system that can receive on-chain data points. It does this with industry-setting speed, outpacing competitors while providing an added layer of security to ensure the safety and accuracy of the data being transported.

The Nakji Foundation oversees the Nakji Network.

About Uppsala Security

Uppsala Security built Sentinel Protocol, the first crowdsourced Threat Intelligence Platform powered by artificial intelligence, blockchain technology, and machine learning. Supporting the framework is a team of experienced cyber security professionals who have developed an award-winning suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity, enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards. Today Uppsala Security has over two thousand (2K+) users, including government agencies, financial institutions and leading enterprises providing crypto exchanges, payment services, wallets, custodial services, gaming, and fintech solutions.

Uppsala Security is headquartered in Singapore, and has branch offices in Seoul, South Korea and Tokyo, Japan. [https://uppsalasecurity.com/]

The 200K Bug Bounty Program Overview

The Nakji Foundation is funding its first Bug Bounty program with up to $200,000 in rewards for vulnerabilities related to Nakji connectors, smart contracts, and websites. The primary scope of the program includes:

- Remote Code Execution
- Stolen Private Data
- Loss of Funds
- Frozen Funds
- Incorrect Payout
- Vulnerable Dependencies
- Mismatched Output
- Degraded or Disabled Functionality
- Degraded or Disabled Performance

Bounty Program Rewards

Bounty rewards are determined based on the severity of the bug and the impact of its potential damage. This is based on the Common Vulnerability Scoring System that will be approved by Uppsala Security.

Severity Level, Rewards, and Examples:

- Severe (up to $100,000): Loss of funds, incorrect payout, remote code execution
- High ($10,000): Private information being stolen, smart contract or connector functionality being disrupted
- Medium ($1,000): Connector performance degradation
- Low ($500): Mismatched output
- None ($0)

Determination of rewards is at the discretion of the Nakji Foundation and Uppsala Security and subject to all applicable laws. We take into consideration all variables in determining severity and reward amount. Participants are responsible for all taxes on rewards.

Submit a Bug

To submit a report, please send an email to security@nakji.com with the following formatted sections along with any Proof of Concept (PoC).

- Summary
- Steps to Reproduce
- Supporting Material and References

In addition, participants need to register through The Nakji Foundation’s KYC platform at https://kyc.nakji.network/ and sign the participation agreement.

After submission, our team and Uppsala Security will assess and verify the reports as fast as possible so that participants can receive a reward. An additional reward is possible if the report includes a security fix.

Rules and Disclosure

Participants must follow these rules in order to receive rewards:

- Testing should
- Participants must not disclose vulnerabilities before The Nakji Security Team has verified and fixed the issues
- Participants must not have exploited the bug, nor harmed anyone
- In the event of multiple persons reporting the same vulnerability, only the first person to report the vulnerability will be given the reward
- Limit of one submission per vulnerability
- Attacks on Nakji Foundation, its employees, and/or other ecosystem participants are not permitted (this also applies to denial of service, social engineering, phishing attacks, etc.)

Bug Bounty Scope

Listed below are the assets and associated vulnerabilities within the scope of this program. Out-of-scope vulnerabilities will not be eligible for rewards.

Assets in Scope

- Connectors
- Blockchain & Smart Contract
- Website & Application

Vulnerabilities in Scope

- Loss of Funds
- Remote Code Execution
- Stolen Private Data
- Frozen Funds
- Incorrect Payout
- Vulnerable Dependencies
- Degraded or Disabled Functionality
- Degraded or Disabled Performance
- Mismatched Output (does not apply to 3rd-party connectors)