Security
Security is the highest priority of the Neku protocol. Our development team members are distributed across different countries and supervise each other as individual stakeholders. Third-party auditors and consultants have made considerable effort to ensure the Neku protocol is safe and dependable. All contract code and balances are open source and publicly verifiable, and security researchers are eligible for a bug bounty for reporting undiscovered vulnerabilities.
Audit
Certik Preliminary Audit Report (Final Audit Report is on the way)
Bitrise Audit Report
Bug Bounty Program
Security is the priority of Neku Finance. Even though our team has put great effort into detecting potential security risks, undiscovered vulnerabilities always exist.
Neku Finance encourages our community and users to research and detect potential security risks. Users can report any vulnerability they discover in the Neku protocol to get substantial rewards. Use only official email:
Rewards
Neku will pay a reward of 50 to 1,000 $NEKU for eligible discoveries according to the terms and conditions provided below.
Disastrous - Bugs or errors that cause a system crash, token loss, or a smart contract being unable to carry on
Reward: 1,000 $NEKU
Serious - Issues that affect user experience, such as being unable to mint or trade, or errors in system logic
Reward: 500-1,000 $NEKU
Average - Display errors such as typos
Reward: 50-500 $NEKU
Mild - Suggestions for improvement
Reward: 50-500 $NEKU
Vulnerabilities previously submitted by another person or identified in a published audit report are not eligible for bug bounty rewards.
Public disclosure of a vulnerability makes it ineligible for a bug bounty.
Disclosure
Submit all bug bounty disclosures to nekufinance@gmail.com. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. Neku will follow up promptly with acknowledgement of the disclosure. Please do not file a public issue or discuss the vulnerability in public places like Slack, Twitter, Telegram groups, etc.
Terms and Conditions
To be eligible for bug bounty reward consideration, you must:
Identify an original, previously unreported, non-public vulnerability within the scope of the Neku bug bounty program as described above.
Include sufficient detail in your disclosure to enable our engineers to quickly reproduce, understand, and fix the vulnerability.
Be at least 18 years of age.
Report in an individual capacity or, if employed by a company, report with the company’s written approval to submit a disclosure to Neku.
To encourage vulnerability research and to avoid any confusion between good-faith hacking and malicious attack, we require that you:
Play by the rules, including following the terms and conditions of this program and any other relevant agreements. If there is any inconsistency between this program and any other relevant agreements, the terms of this program will prevail.
Report any vulnerability you’ve discovered promptly.
Avoid violating the privacy of others, disrupting our systems, destroying data, or harming user experience.
Use only nekufinance@gmail.com to discuss vulnerabilities with us.
Keep the details of any discovered vulnerabilities confidential until they are fixed.
Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope.
Only interact with accounts you own or with explicit permission from the account holder.
Not engage in blackmail, extortion, or any other unlawful conduct.
When working with us according to this program, you can expect us to:
Pay generous rewards for eligible discoveries based on the severity and exploitability of the discovery, at Neku’s sole discretion.
Extend Safe Harbor for your vulnerability research that is related to this program, meaning we will not threaten or bring any legal action against anyone who makes a good faith effort to comply with our bug bounty program.
Work with you to understand and validate your report, including a timely initial response to the submission.
Work to remediate discovered vulnerabilities in a timely manner.
Recognize your contribution to improving our security if you are the first to report a unique vulnerability, and your report triggers a code or configuration change.
All reward determinations, including eligibility and payment amount, are made at Neku’s sole discretion. Neku reserves the right to reject submissions and alter the terms and conditions of this program.