Bug Bounty Program

Last updated 1 month ago

Bug Bounty Program Overview

The dKargo Bug Bounty Program is designed to enhance the security and stability of both our Testnet and Mainnet. This document outlines the program's purpose, evaluation criteria, reward structure, and submission procedures.

Severity Levels and Rewards

Bug severity is classified into four levels based on its potential impact on the mainnet.

Severity: Critical
Rewards: $2,000
Description and Examples:

  • Vulnerabilities that can disable core system functions or be exploited

  • Severe security threats such as network downtime, asset theft, or significant data tampering

Severity: High
Rewards: $700
Description and Examples:

  • Vulnerabilities that can impact service functionality

  • Issues like data manipulation, API security flaws, or potential exploitation of the Faucet system

  • Bugs that can directly affect service operations

Severity: Medium
Rewards: $200
Description and Examples:

  • Vulnerabilities that cause specific functions to behave unexpectedly or negatively impact user experience

  • Examples include node execution errors, technical inaccuracies in documentation, or deposit/withdrawal issues

Severity: Low
Rewards: $25
Description and Examples:

  • Issues that do not affect system security but involve minor bugs such as UI/UX issues, typos, visual errors, or process flow defects

  • Suggestions for overall quality improvement of the service

Eligible Bug Criteria

A bug report will be considered eligible if it meets the following conditions.

  • The issue must be exploitable by a real user or attacker in the normal operating environment and default settings of the L3 mainnet.

  • To be deemed eligible, the bug must be reproducible and objectively verifiable, and it must pose a threat to the system’s security or reliability.

  • Logical flaws that can cause system malfunctions, if they can be clearly exploited (e.g., akin to a DDoS attack), may be considered eligible.

  • Whether the issue occurs on a single node, client, or the entire network, its impact must be clear and accompanied by a realistic threat scenario in an operational environment.

  • Technical flaws or configuration errors present in the latest release or documentation will be evaluated for eligibility based on their impact.

Ineligible Bug Criteria

The following items are excluded from the Bug Bounty Program.

  • Attacks requiring physical access or those that exhaust system resources through excessive traffic (e.g., DDoS attacks) fall outside the scope of typical software vulnerabilities and are excluded from the Bug Bounty Program.

  • Reports lacking sufficient details—such as step-by-step instructions, reproducible examples, or proof of concept—will be excluded.

  • Issues that only occur in outdated or unsupported browsers, vulnerabilities already publicly known, or problems already identified internally by the team will not qualify for rewards if reported as duplicates.

  • Vulnerabilities requiring excessive user intervention (e.g., bugs that need complex manipulation to trigger), simple security configuration suggestions, best practice recommendations, or theoretical reports without proof of concept are considered ineligible.

  • Incidents are not included in bug reports. An incident refers to a situation where the entire system or a major function temporarily stops working, affecting multiple users simultaneously. Such issues may arise from external factors beyond the control of developers or security experts (e.g., server downtime or network issues).

How to Submit a Bug Bounty Report

  1. While there is no specific template, your submission must include the following details:

Bug Title: A concise title describing the bug.

Bug Description:

  • A detailed explanation of the bug, including what the issue is and its potential impact.

  • Be as specific as possible.

Step-by-Step Reproduction:

  • A detailed explanation of the bug, including what the issue is and its potential impact.

  • Be as specific as possible.

Impact: The impact of the bug on the system.

Severity: The severity level based on the defined severity categories.

Supporting Materials: Evidence to substantiate the bug (e.g., screenshots, videos).

  2. Please compile the above information into a document and send it to hello@dkargo.io.