# Noso Protocol Bug Bounty Program

## <mark style="color:yellow;">Overview:</mark>

Dear Users, to ensure a secure protocol for users as Noso continues to expand, we are mobilizing the expertise of the community to maximize the security of our Noso Protocol. We have established a bug and security feedback reward mechanism on June 1, 2023, to provide security experts with incentives for security advice and vulnerability analysis.

Rules Rewards are divided into four tiers, depending on their severity. Each tier has different rewards (in NOSO).

<mark style="color:red;">**Critical: 3,000 - 5,000 NOSO High: 900 - 2,000 NOSO Medium: 300 - 500 NOSO Low: 50 - 150 NOSO**</mark>

{% hint style="info" %}
Please note that the threat level will be determined by our Governers board, and that GVT members have sole discretion in deciding whether a report meets the reward criteria.
{% endhint %}

## <mark style="color:yellow;">Scope of Vulnerabilities The modules within the scope of reporting are as follows:</mark>

## <mark style="color:red;">Target Type Noso Protocol</mark>

* NosoNode
* NosoLite
* NosoMobile

Criteria We are mostly interested in the following vulnerabilities:

IN-SCOPE VULNERABILITIES (but not limited to)

Problems with business logic that may result in the loss of user assets. Payment manipulation. Remote code execution (RCE). Leakage of sensitive information. Critical OWASP issues such as XSS, CSRF, SQLi, SSRF, IDOR, and others. Other vulnerabilities that may result in potential loss. Theoretical loopholes that are not actually proven. Password flaws, and issues with password complexity policies. Zero-day exploits that are less than 30 days old. Social engineering, phishing, and other forms of deception. Using known codebase vulnerabilities without actual proof. Issues related to insecure SSL/TLS socket or protocol versions. Issues with no security impact. Behavior that disrupts normal operation. Issues with installation path permissions.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nosocoin.com/noso-documentation/bug-bounty-program/noso-protocol-bug-bounty-program.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.