This section will give you an overview of the Narkasa Bug Bounty Program. Narkasa offers rewards for significant bugs pursuant to this Program.
Despite the efforts put forth by our team of specialists in eliminating all bugs in our systems it is impossible to detected all bugs. Therefore there is always a possibility that we may have missed one, that poses a critical threat and vulnerability. In the case that you come across a bug, we would appreciate your cooperation by responsibly examining and reporting the threat back to us , so that we can address it as soon as possible. For detection of critical bugs, we offer a reward and recognition in the list below.
Responsible Investigation and Reporting
Mindful examination and reporting includes, but isn't constrained to, the following:
Do not damage the privacy of other users, annihilate data, disrupt our services, etc.
Do not target anyone’s accounts but your account within the process of examining the bug. Do not target, try to access, or disrupt the accounts of other users.
Don't target our physical security measures, or attempt to utilize social engineering, spam, distributed denial of service (DDOS) assaults, etc.
Initially report the bug as it were to us and do not report to anyone else.
Give us a sensible sum of time to solve the bug before unveiling it to anyone else, and provide us adequate written caution before uncovering it to anyone else.
In common, it would be ideal if you investigate and report bugs in a way that makes a sensible, good faith effort not to be troublesome or harmful to us or our users. Otherwise you will not help us but damage our trust in you.The Bug Bounty programme is for the security of our users and is meant to be done with a good intentions.
Eligibility
For the most part speaking, any bug that poses a critical vulnerability, either to the security of our site or the integrity of our exchanging system, might be qualified for reward. But it's only our conclusion to decide whether a bug is significant enough to be qualified for reward.
Security issues that regularly would be qualified (though not necessarily in all cases) include:
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Code İnjection
- Remote Code Execution
- Privilege Escalation
- Authentication Bypass
- Clickjacking
Leakage of Sensitive Data
Ineligibility
Things that are not eligible for reward include:
- Vulnerabilities on locales hosted by third parties (support.narkasa.com, etc) unless they lead to a vulnerability on the main website.
- Vulnerabilities unexpected on physical assault, social engineering, spamming, DDOS assault, etc.
- Vulnerabilities affecting outdated or unpatched browsers. Vulnerabilities in third party applications that make use of Narkasa's API.
- Bugs that have not been capably examined and reported.
- Bugs already known to us, or already detailed by somebody else (reward goes to first reporter).
- Issues that aren't reproducible. Issues that we can't sensibly be anticipated to do anything about.
Reward
The least reward for qualified bugs is the identical of 100 USD in USDT. Rewards will be paid out in USDT. Rewards over the least are at our discretion, but we'll pay essentially more for particularly genuine issues. Only one reward per bug.
Once your submission is accepted, please provide either of the following to receive your reward:
You email address registered in Narkasa or your USDT wallet address
How to Report a Bug
Send your bug report to [email protected]. Try to incorporate as many details in your report as you possibly can. Such as; description of the bug, it's potential effect, steps for replicating it, and/or verification of concept. please include your name, and a link if you would like for it to appear on our list. Please include your USDT address for payment.
Wall of Fame |
MD15 |
Talha |
Marzuki |
NG |