Bug Bounty Program
Help us find any bugs or vulnerabilities and improve our wonderful ecosystem.

Introduction

Welcome to Hakka Finance’s Bug Bounty Program. Every day, we develop new ways to ensure safety and security with the best product possible. We are calling on our community to help us find any bugs or vulnerabilities. This helps maintain and improve our wonderful ecosystem.
Submit a bug here and earn a reward of up to 16,000 USD worth of HAKKA. Please see our Bounty Table & Rules section for more details.

Bounty Table

Please use this structured bounty table for general guidance. All final decisions are at the discretion of the Core Hakka Team. There are three different phases of Hakka Finance’s smart contracts: Production Phase / Staging Phase / Draft Phase.
Production phase refers to the operating smart contracts of Hakka Finance’s official products/platforms. The following table shows the bug bounty for the production phase:

Bounty of Production Phase Bugs

Staging phase refers to the alpha version or pre-launch stage’s smart contracts. There will be some deductions for the bounty of bugs discovered in the staging phase.

Bounty of Staging Phase Bugs

Draft phase refers to fresh smart contracts that are just developed and saying hello to the world. Bugs reported in the draft phase will be considered as development contributions. There will be no official bounty for the bugs reported in this phase, but there might be some rewards for those with extraordinary contributions.
As long as the bounty program is announced, the total token reward quota is capped at 6,000,000 HAKKA.

Vulnerabilities Classification

Critical

An issue that might cause immediate loss of >10% of the funds or permanent impairment of the protocol state.

High

An issue that might cause immediate loss of <10% of the funds, or severely damage the protocol state.

Medium

An issue that might theoretically cause minimal loss of funds, damage the protocol state, or cause severe user dissatisfaction.

Low

An issue that might cause user dissatisfaction or minimal failure.

Bounty Scope

The bug bounty will be applicable for the following repositories, sources, and sites:

References

Report a Bug

Email [email protected] to report the bug you found, using the [Bug Report Form].
Please follow the form below and try to be as specific and clear as possible. We will be in touch as soon as possible after receiving the form. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
Another channel is also open for reporting a bug and getting in direct contact with the lead developer, Ping Chen. Reporters may send a direct message to @artistic709 on Telegram. Reports sent through this channel should also follow the [Bug Report Form] to be regarded as valid bug reports.

[Bug Report Form]

  1. Your Name:
  2. Your Email:
  3. Bug Description:
  4. Vulnerability:
  5. Components affected:
  6. Reproduction of the issue:
  7. Other details:

Response Targets

Core Hakka Team will make the best effort to meet the following SLAs for hackers participating in our program:
We’ll try to keep you informed about our progress throughout the process.

Terms and Conditions

  1. By providing a submission or agreeing to the program terms, you agree that you may not publicly disclose your findings or the contents of your submission to any third parties in any way without the Core Hakka Team’s prior written approval.
  2. You may be eligible to receive a bounty reward if you are the first person to submit a product vulnerability.
  3. If you want to add more information to a provided issue, create a new submission giving reference to the initial one.
  4. Rewards will be decided on a case-by-case basis and the bug bounty program, terms, and conditions are at the sole discretion of Hakka Finance.
  5. Rewards will vary depending on the severity of the issue. Other variables considered for rewards include the quality of the issue description, the instructions for reproducibility, and the quality of the fix (if included).
  6. Core Hakka Team retains the right to determine if the bug submitted to Hakka Bug Bounty Program is eligible.
  7. Submissions need to be related to the Bounty Scope. Submissions out of the Bounty Scope won’t be eligible for a reward.
  8. Any interference with the protocol, client, or platform services, on purpose or not, during the process will make the submission process invalid.
  9. Hakka Finance Bug Bounty Program, including its policies, is subject to change or cancellation by Hakka Finance at any time, without notice. As such, Hakka Finance may amend these Program Terms and/or its policies at any time by posting a revised version on our Hakka Wiki. By continuing to participate in Hakka Finance Bug Bounty Program after we post any such changes, you accept the Program Terms, as modified.
  10. Our bug bounty follows a similar approach to the Ethereum Bug Bounty. The severity of the issues will be rated according to the OWASP risk rating model, based on Impact and Likelihood.
  11. It is mandatory to read and follow the responsible disclosure policy available in the references. Submissions not following the disclosure policy will not be eligible for a reward.
  12. While researching, we’d like to ask you to refrain from:
  • Denial of service
  • Spamming
  • Social engineering (including phishing) of HAKKA staff or contractors
  • Any physical attempts against property or data centers of Hakka Finance