
Security: arkadiko-dao/arkadiko

Security

SECURITY.md

Arkadiko Bug Bounty Program

The security of Arkadiko’s systems is of the highest priority for our team, and the Bug Bounty Program is a key component of our strategy to maximize security. We’ll reward you for helping us make the system as invulnerable as possible. Happy hunting!

Rewards

A submitted issue must meet a minimum severity standard of Low, as described below, in order to qualify for a reward. A successfully reviewed submission will receive a reward in DIKO tokens based on the classified severity of the issue.

Low:

  • An issue that could theoretically cause a loss of less than 1% of the protocol funds, damage the protocol state, or cause severe user dissatisfaction or moderate technical failure.
  • Up to 50.000 DIKO

Medium:

  • An issue that could cause the immediate loss of between 1% and 10% of the protocol funds, or severely damage the protocol state.
  • Up to 200.000 DIKO

High:

  • An issue that could cause immediate loss of over 10% of the protocol funds or permanently impair the protocol state.
  • Up to 500.000 DIKO

Rules

  • The scope of the Bug Bounty program spans smart contracts utilized in the Arkadiko ecosystem – the Clarity smart contracts in the contracts folder of the master branch of the arkadiko repo, excluding any contracts used in a test-only capacity (including test-only deployments)
  • You must be the first to report a non-public vulnerability
  • You must provide sufficient information to enable our engineers to reproduce and fix the vulnerability
  • You must not engage in any unlawful conduct when disclosing the bug, including through threats, demands, or any other coercive tactics
  • Do not exploit the vulnerability in any way, including through making it public or by obtaining a profit
  • Do not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under this Bug Bounty Program
  • Rewards will vary depending on the severity of the issue. Other variables considered for rewards include: the quality of the issue description, the instructions for reproducibility, and the quality of the fix if included
  • Rewards will be decided on a case-by-case basis, and the Bug Bounty Program terms are at the sole discretion of Arkadiko

Disclosure

When you discover a vulnerability, please write a detailed report and send it to security@arkadiko.finance.

Do not reveal any information about the issue and do not take advantage of it in any way.

We will respond to your report within 5 business days and handle it with strict confidentiality. While we investigate the issue and implement a solution, we will keep you informed about the progress. Once the vulnerability is solved, we will make sure you receive your reward.
