The Nakji Foundation is launching a $200,000 Bug Bounty program for developers and security researchers in order to “help discover vulnerabilities and prevent security problems in the Nakji ecosystem.”
Nakji Network is pleased to work cooperatively with Uppsala Security, which has built what they claim to be “the first blockchain based crowdsourced Threat Intelligence platform.”
The 200K USD Bug Bounty Program Overview
The Nakji Foundation is reportedly “funding its first Bug Bounty program with up to $200,000 USD in rewards for vulnerabilities related to Nakji connectors, smart contracts, and websites.”
The primary scope of the program includes:
- Loss of Funds
- Frozen Funds
- Incorrect Payout
- Remote Code Execution
- Stolen Private Data
- Vulnerable Dependencies
- Degraded or Disabled Functionality
- Degraded or Disabled Performance
- Mismatched Output
Bounties rewards are determined “based on the severity of the bug and impact of its potential damage.” This is based on “the Common Vulnerability Scoring System that will be approved by Uppsala Security.”
Severity Level, Rewards, and Examples:
- Critical (up to $100,000 USD): Loss of funds, incorrect payout, remote code execution
- High ($10,000 USD): Private information being stolen, smart contract or connector functionality being disrupted
- Medium ($1,000 USD): Connector performance degradation
- Low ($500 USD) Mismatched output
- None: ($0 USD)
Determination of rewards are “at the discretion of the Nakji Foundation, Uppsala Security and all applicable laws,” the update clarified.
The teams takes into consideration “all variables in determining the severity and the reward amount.” Participants are “responsible for all taxes for the rewards,” the announcement confirmed.
In order to submit a report, you should send a message to security@nakji.com with these details (check here).
As noted in the update, the participants must follow the following rules in order to receive rewards:
- Participants “must not disclose vulnerabilities before The Nakji Security Team has verified and fixed the issues”
- Participants “must not have exploited the bug, nor harm anyone in the process”
- In the event of multiple persons reporting the same vulnerability, “only the first person to report the vulnerability will be given the reward”
- Limit of “one submission per vulnerability”
- Attacks on Nakji Foundation, its employees, and/or other ecosystem participants are “not permitted (this also applies to denial of service, social engineering, phishing attacks, etc.)”
Bug Bounty Scope
Listed below are the assets and associated vulnerabilities “within the scope of this program.”
Out of scope vulnerabilities will “not be eligible for rewards,” the update clarified.
Assets in Scope
- Connectors
- Blockchain & Smart Contract
- Website & Application
Vulnerabilities in Scope
- Loss of Funds
- Frozen Funds
- Incorrect Payout
- Remote Code Execution
- Stolen Private Data
- Vulnerable Dependencies
- Degraded or Disabled Functionality
- Degraded or Disabled Performance
- Mismatched Output (does not apply to 3rd-party connectors)
As noted in a release, Nakji Network offers the relay of information from any traditional blockchains “to any off-chain that can receive on-chain data.” It does this “with industry-setting speed, outpacing competitors while providing an added layer of security to ensure the safety and accuracy of the data being transferred.” The Nakji Foundation “oversees the Nakji Network.”
As covered, Uppsala Security built Sentinel Protocol, the first crowdsourced Threat Intelligence Platform “powered by artificial intelligence, blockchain technology, and machine learning.”
Supporting the framework is a team of experienced cyber security professionals who have developed a suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity “enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards.”