Nakji Network’s 200K Bug Bounty Program

NAKJI
3 min readJan 20, 2022

--

The Nakji Foundation

January 20, 2022

The Nakji Foundation (‘Nakji’) is launching a 200K Bug Bounty program for developers and security researchers to help discover vulnerabilities and prevent security problems in the Nakji ecosystem. Nakji is excited to work together with Uppsala Security, who has built the first crowdsourced blockchain Threat Intelligence platform.

About Nakji Network

Nakji Network offers the relay of information from any traditional blockchains to any off-chain that can receive on-chain data points. It does this with industry-setting speed, outpacing competitors while providing an added layer of security to ensure the safety and accuracy of the data being transported.

The Nakji Foundation oversees the Nakji Network.

About Uppsala Security

Uppsala Security built Sentinel Protocol, the first crowdsourced Threat Intelligence Platform powered by artificial intelligence, blockchain technology, and machine learning. Supporting the framework is a team of experienced cyber security professionals who have developed an award-winning suite of advanced tools and services for Crypto AML/CFT, Transaction Risk Management (KYC/KYT), Transaction Tracking, Regulatory Compliance, and Cybersecurity enabling organizations of every type and size to protect their crypto assets from malicious attacks and scams while meeting stringent regulatory compliance standards. Today Uppsala Security has over two thousand (2K+) users including government agencies, financial institutions and leading enterprises providing crypto exchanges, payment services, wallets, custodial services, gaming, and fintech solutions.

Uppsala Security is headquartered in Singapore, and has branch offices in Seoul, South Korea and Tokyo, Japan. [https://uppsalasecurity.com/]

The 200K Bug Bounty Program Overview

The Nakji Foundation is funding its first Bug Bounty program with up to $200,000 in rewards for vulnerabilities related to Nakji connectors, smart contracts, and websites. The primary scope of the program includes:

  • Remote Code Execution
  • Stolen Private DataLoss of Funds
  • Frozen Funds
  • Incorrect Payout
  • Vulnerable Dependencies
  • Mismatched Output
  • Degraded or Disabled Functionality
  • Degraded or Disabled Performance

Bounty Program Rewards

Bounties rewards are determined based on the severity of the bug and impact of its potential damage. This is based on the Common Vulnerability Scoring System that will be approved by Uppsala Security.

Severity Level, Rewards, and Examples:

  • Severe (up to $100,000): Loss of funds, incorrect payout, remote code execution
  • High ($10,000): Private information being stolen, smart contract or connector functionality being disrupted
  • Medium ($1,000): Connector performance degradation
  • Low ($500) Mismatched output
  • None: ($0)

Determination of rewards are at the discretion of the Nakji Foundation and Uppsala Security and all applicable laws. We take into consideration all variables in determining severity and reward amount. Participants are responsible for all taxes for rewards.

Submit a Bug

To submit a report, please send an email to security@nakji.network with the following formatted sections along with any Proof of Concept (PoC).

  • Summary
  • Steps to Reproduce
  • Supporting Material and References

In addition, participants will also need to be registered through The Nakji Foundation’s KYC platform at https://kyc.nakji.network/ and sign the participation agreement.

After submission, our team and Uppsala Security will assess and verify the reports as fast as possible to receive a reward. Additional reward is possible if the report includes a security fix.

Rules and Disclosure

Participants must follow these rules in order to receive rewards:

  • Testing should
  • Participants must not disclose vulnerabilities before The Nakji Security Team has verified and fixed the issues
  • Participants must not have exploited the bug, nor harm anyone
  • In the event of multiple persons reporting the same vulnerability, only the first person to report the vulnerability will be given the reward
  • Limit of one submission per vulnerability
  • Attacks on Nakji Foundation, its employees, and/or other ecosystem participants are not permitted (this also applies to denial of service, social engineering, phishing attacks, etc.)

Bug Bounty Scope

Listed below are the assets and associated vulnerabilities within the scope of this program. Out of scope vulnerabilities will not be eligible for rewards.

Assets in Scope

  • Connectors
  • Blockchain & Smart Contract
  • Website & Application

Vulnerabilities in Scope

  • Loss of Funds
  • Remote Code Execution
  • Stolen Private Data
  • Frozen Funds
  • Incorrect Payout
  • Vulnerable Dependencies
  • Degraded or Disabled Functionality
  • Degraded or Disabled Performance
  • Mismatched Output (does not apply to 3rd-party connectors)

--

--

NAKJI
NAKJI

Written by NAKJI

The answer to getting blockchain data fast and easy from all things Web 3.0