# Bug Bounty Program

Security is foundational to Nika.

We are committed to maintaining the highest security standards for our systems and users. We invite security researchers, ethical hackers, and users to responsibly disclose vulnerabilities affecting the Nika platform.

High-impact findings will be rewarded accordingly.

***

### Scope

We welcome submissions identifying vulnerabilities in:

* Spot & perpetual trading logic
* Yield accrual and accounting
* Portfolio & balance calculations
* Fee logic
* Onchain transaction construction & handling
* Authentication & session management
* Frontend issues materially impacting funds or system state

Issues originating solely from third-party services are out of scope unless caused by Nika’s implementation.

***

### Reporting Requirements

Reports must be submitted via in-app support or email (<support@nika.finance>).

Each submission must include:

* Clear description of the issue
* Steps to reproduce
* Impact explanation (severity, feasibility, likelihood)
* Screenshots, logs, or transaction hashes (if applicable)
* Proof of Concept (required for reward eligibility)

Incomplete or non-reproducible reports may not qualify.

***

### Rules

Participants must:

* Not publicly disclose vulnerabilities before remediation
* Not exploit vulnerabilities beyond proof-of-concept
* Not access user accounts without authorization
* Not disrupt services or degrade platform availability
* Comply with all applicable laws

Failure to follow these guidelines may result in disqualification.

***

### Out of Scope

The following are not eligible:

* Issues already known internally at time of submission
* Theoretical vulnerabilities without proof-of-concept
* Best-practice suggestions without security impact
* Experimental or undeployed features
* Spam or social engineering techniques
* Denial-of-service attacks
* Security issues in third-party apps or websites that integrate with Nika technologies
* Executing scripts on sandboxed domains

***

### Severity Classification

Severity is assessed based on financial impact, exploitability, and system integrity risk.

#### Critical

* Large-scale permanent loss of funds
* Invalid or corrupted state transitions
* Severe protocol or infrastructure compromise

#### High

* Significant permanent loss of funds (limited scope)
* Logic flaws affecting trading, settlement, or accounting
* Authentication or permission misconfiguration with material impact

#### Medium

* Limited permanent fund loss (e.g., fee miscalculation, rounding errors)
* Temporary fund freeze affecting individual users
* Reproducible accounting inconsistencies

***

### Rewards

Reward amounts are determined based on severity, exploitability, and funds at risk.

* **Critical — Up to $30,000 USDC**
* **High — Up to $15,000 USDC**
* **Medium — Up to $5,000 USDC**
* **Low — Up to $1,000 USDC + XP**

Final reward amounts may vary based on:

* Exploitability
* Impact on funds or system integrity
* Quality of report and proof-of-concept

***

### Payout Terms

* Payments may be made in USDC, USDT, or USD
* KYC may be required
* An invoice may be required prior to payment
* Rewards are issued after validation and remediation

All determinations are final.

***

### Legal

Participation in the Bug Bounty Program constitutes acceptance of Nika’s terms and confidentiality requirements. By submitting a report, you agree not to pursue claims against Nika arising from responsible disclosure conducted in good faith under this program.

Rewards, eligibility, and severity classifications are determined at Nika’s sole discretion. Participation does not create any contractual right to compensation, and all decisions are final.
