The Nakji Foundation
January 20, 2022
The Nakji Foundation (‘Nakji’) is launching a 200K Bug Bounty program for developers and security researchers to help discover vulnerabilities and prevent security problems in the Nakji ecosystem. Nakji is excited to work together with Uppsala Security, who has built the first crowdsourced blockchain Threat Intelligence platform.
About Nakji Network
Nakji Network relays information from any traditional blockchain to any off-chain system that can receive on-chain data points. It does this with industry-setting speed, outpacing competitors while providing an added layer of security to ensure the safety and accuracy of the data being transported.
The Nakji Foundation oversees the Nakji Network.
About Uppsala Security
Uppsala Security built Sentinel Protocol, the first crowdsourced Threat Intelligence Platform powered by artificial intelligence, blockchain technology, and machine learning. Supporting the framework is a team of experienced cyber security professionals who have developed an award-winning suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity, enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards. Today Uppsala Security has over two thousand (2K+) users, including government agencies, financial institutions and leading enterprises providing crypto exchanges, payment services, wallets, custodial services, gaming, and fintech solutions.
Uppsala Security is headquartered in Singapore, and has branch offices in Seoul, South Korea and Tokyo, Japan. [https://uppsalasecurity.com/]
The 200K Bug Bounty Program Overview
The Nakji Foundation is funding its first Bug Bounty program with up to $200,000 in rewards for vulnerabilities related to Nakji connectors, smart contracts, and websites. The primary scope of the program includes:
- Remote Code Execution
- Stolen Private Data
- Loss of Funds
- Frozen Funds
- Incorrect Payout
- Vulnerable Dependencies
- Mismatched Output
- Degraded or Disabled Functionality
- Degraded or Disabled Performance
Bounty Program Rewards
Bounty rewards are determined based on the severity of the bug and the impact of its potential damage. Severity is based on the Common Vulnerability Scoring System, as approved by Uppsala Security.
Severity Level, Rewards, and Examples:
- Severe (up to $100,000): Loss of funds, incorrect payout, remote code execution
- High ($10,000): Private information being stolen, smart contract or connector functionality being disrupted
- Medium ($1,000): Connector performance degradation
- Low ($500): Mismatched output
- None ($0)
Determination of rewards is at the discretion of the Nakji Foundation and Uppsala Security and all applicable laws. We take into consideration all variables in determining severity and reward amount. Participants are responsible for all taxes on rewards.
Submit a Bug
To submit a report, please send an email to security@nakji.network with the following sections, along with any Proof of Concept (PoC):
- Summary
- Steps to Reproduce
- Supporting Material and References
In addition, participants need to be registered through The Nakji Foundation’s KYC platform at https://kyc.nakji.network/ and sign the participation agreement.
After submission, our team and Uppsala Security will assess and verify the reports as fast as possible so that participants can receive a reward. An additional reward is possible if the report includes a security fix.
Rules and Disclosure
Participants must follow these rules in order to receive rewards:
- Testing should
- Participants must not disclose vulnerabilities before The Nakji Security Team has verified and fixed the issues
- Participants must not have exploited the bug, nor harmed anyone
- In the event of multiple persons reporting the same vulnerability, only the first person to report the vulnerability will be given the reward
- Limit of one submission per vulnerability
- Attacks on Nakji Foundation, its employees, and/or other ecosystem participants are not permitted (this also applies to denial of service, social engineering, phishing attacks, etc.)
Bug Bounty Scope
Listed below are the assets and associated vulnerabilities within the scope of this program. Out-of-scope vulnerabilities will not be eligible for rewards.
Assets in Scope
- Connectors
- Blockchain & Smart Contract
- Website & Application
Vulnerabilities in Scope
- Loss of Funds
- Remote Code Execution
- Stolen Private Data
- Frozen Funds
- Incorrect Payout
- Vulnerable Dependencies
- Degraded or Disabled Functionality
- Degraded or Disabled Performance
- Mismatched Output (does not apply to 3rd-party connectors)