Ctrlk
Page cover

Bug Bounty Program

Security is foundational to Nika.

We are committed to maintaining the highest security standards for our systems and users. We invite security researchers, ethical hackers, and users to responsibly disclose vulnerabilities affecting the Nika platform.

High-impact findings will be rewarded accordingly.

Scope

We welcome submissions identifying vulnerabilities in:

  • Spot & perpetual trading logic

  • Yield accrual and accounting

  • Portfolio & balance calculations

  • Fee logic

  • Onchain transaction construction & handling

  • Authentication & session management

  • Frontend issues materially impacting funds or system state

Issues originating solely from third-party services are out of scope unless caused by Nika’s implementation.

Reporting Requirements

Reports must be submitted via in-app support or email (support@nika.finance).

Each submission must include:

  • Clear description of the issue

  • Steps to reproduce

  • Impact explanation (severity, feasibility, likelihood)

  • Screenshots, logs, or transaction hashes (if applicable)

  • Proof of Concept (required for reward eligibility)

Incomplete or non-reproducible reports may not qualify.

Rules

Participants must:

  • Not publicly disclose vulnerabilities before remediation

  • Not exploit vulnerabilities beyond proof-of-concept

  • Not access user accounts without authorization

  • Not disrupt services or degrade platform availability

  • Comply with all applicable laws

Failure to follow these guidelines may result in disqualification.

Out of Scope

The following are not eligible:

  • Issues already known internally at time of submission

  • Theoretical vulnerabilities without proof-of-concept

  • Best-practice suggestions without security impact

  • Experimental or undeployed features

  • Spam or social engineering techniques

  • Denial-of-service attacks

  • Security issues in third-party apps or websites that integrate with Nika technologies

  • Executing scripts on sandboxed domains

Severity Classification

Severity is assessed based on financial impact, exploitability, and system integrity risk.

Critical

  • Large-scale permanent loss of funds

  • Invalid or corrupted state transitions

  • Severe protocol or infrastructure compromise

High

  • Significant permanent loss of funds (limited scope)

  • Logic flaws affecting trading, settlement, or accounting

  • Authentication or permission misconfiguration with material impact

Medium

  • Limited permanent fund loss (e.g., fee miscalculation, rounding errors)

  • Temporary fund freeze affecting individual users

  • Reproducible accounting inconsistencies

Rewards

Reward amounts are determined based on severity, exploitability, and funds at risk.

  • Critical — Up to $30,000 USDC

  • High — Up to $15,000 USDC

  • Medium — Up to $5,000 USDC

  • Low — Up to $1,000 USDC + XP

Final reward amounts may vary based on:

  • Exploitability

  • Impact on funds or system integrity

  • Quality of report and proof-of-concept

Payout Terms

  • Payments may be made in USDC, USDT, or USD

  • KYC may be required

  • An invoice may be required prior to payment

  • Rewards are issued after validation and remediation

All determinations are final.

Legal

Participation in the Bug Bounty Program constitutes acceptance of Nika’s terms and confidentiality requirements. By submitting a report, you agree not to pursue claims against Nika arising from responsible disclosure conducted in good faith under this program.

Rewards, eligibility, and severity classifications are determined at Nika’s sole discretion. Participation does not create any contractual right to compensation, and all decisions are final.

PreviousSolana Transaction (TX) ModesNextFees

Last updated