Dear Users, to ensure a secure protocol for users as Noso continues to expand, we are mobilizing the expertise of the community to maximize the security of our Noso Protocol. We established a bug and security feedback reward mechanism on June 1, 2023, to provide security experts with incentives for security advice and vulnerability analysis.
Rules
Rewards are divided into four tiers according to severity. Each tier has a different reward (in NOSO).
Please note that the threat level will be determined by our Governors board, and that GVT members have sole discretion in deciding whether a report meets the reward criteria.
Scope of Vulnerabilities
The modules within the scope of reporting are as follows:
Target Type Noso Protocol
Criteria
We are mostly interested in the following vulnerabilities:
IN-SCOPE VULNERABILITIES (but not limited to)
Problems with business logic that may result in the loss of user assets.
Payment manipulation.
Remote code execution (RCE).
Leakage of sensitive information.
Critical OWASP issues such as XSS, CSRF, SQLi, SSRF, IDOR, and others.
Other vulnerabilities that may result in potential loss.
Theoretical loopholes that are not actually proven.
Password flaws, and issues with password complexity policies.
Zero-day exploits that are less than 30 days old.
Social engineering, phishing, and other forms of deception.
Using known codebase vulnerabilities without actual proof.
Issues related to insecure SSL/TLS socket or protocol versions.
Issues with no security impact.
Behavior that disrupts normal operation.
Issues with installation path permissions.