# Bug Bounty Program

Security is foundational to Nika.

We are committed to maintaining the highest security standards for our systems and users. We invite security researchers, ethical hackers, and users to responsibly disclose vulnerabilities affecting the Nika platform.

High-impact findings will be rewarded accordingly.

***

### Scope

We welcome submissions identifying vulnerabilities in:

* Spot & perpetual trading logic
* Yield accrual and accounting
* Portfolio & balance calculations
* Fee logic
* Onchain transaction construction & handling
* Authentication & session management
* Frontend issues materially impacting funds or system state

Issues originating solely from third-party services are out of scope unless caused by Nika’s implementation.

***

### Reporting Requirements

Reports must be submitted via in-app support or email (<support@nika.finance>).

Each submission must include:

* Clear description of the issue
* Steps to reproduce
* Impact explanation (severity, feasibility, likelihood)
* Screenshots, logs, or transaction hashes (if applicable)
* Proof of Concept (required for reward eligibility)

Incomplete or non-reproducible reports may not qualify.

***

### Rules

Participants must:

* Not publicly disclose vulnerabilities before remediation
* Not exploit vulnerabilities beyond proof-of-concept
* Not access user accounts without authorization
* Not disrupt services or degrade platform availability
* Comply with all applicable laws

Failure to follow these guidelines may result in disqualification.

***

### Out of Scope

The following are not eligible:

* Issues already known internally at time of submission
* Theoretical vulnerabilities without proof-of-concept
* Best-practice suggestions without security impact
* Experimental or undeployed features
* Spam or social engineering techniques
* Denial-of-service attacks
* Security issues in third-party apps or websites that integrate with Nika technologies
* Executing scripts on sandboxed domains

***

### Severity Classification

Severity is assessed based on financial impact, exploitability, and system integrity risk.

#### Critical

* Large-scale permanent loss of funds
* Invalid or corrupted state transitions
* Severe protocol or infrastructure compromise

#### High

* Significant permanent loss of funds (limited scope)
* Logic flaws affecting trading, settlement, or accounting
* Authentication or permission misconfiguration with material impact

#### Medium

* Limited permanent fund loss (e.g., fee miscalculation, rounding errors)
* Temporary fund freeze affecting individual users
* Reproducible accounting inconsistencies

***

### Rewards

Reward amounts are determined based on severity, exploitability, and funds at risk.

* **Critical — Up to $30,000 USDC**
* **High — Up to $15,000 USDC**
* **Medium — Up to $5,000 USDC**
* **Low — Up to $1,000 USDC + XP**

Final reward amounts may vary based on:

* Exploitability
* Impact on funds or system integrity
* Quality of report and proof-of-concept

***

### Payout Terms

* Payments may be made in USDC, USDT, or USD
* KYC may be required
* An invoice may be required prior to payment
* Rewards are issued after validation and remediation

All determinations are final.

***

### Legal

Participation in the Bug Bounty Program constitutes acceptance of Nika’s terms and confidentiality requirements. By submitting a report, you agree not to pursue claims against Nika arising from responsible disclosure conducted in good faith under this program.

Rewards, eligibility, and severity classifications are determined at Nika’s sole discretion. Participation does not create any contractual right to compensation, and all decisions are final.

