NODO AI Vault Security Bounty Program

NODO is partnering with FailSafe, a leading Web3 security firm, to launch the NODO Bug Bounty Program — an initiative that invites ethical hackers and security researchers to help us discover and responsibly disclose potential vulnerabilities.

By participating, you’re helping make NODO safer for everyone — and you’ll be rewarded for valid, high-impact findings.

Purpose of the Program

The Bug Bounty Program is designed to:

  • Encourage responsible security research on NODO’s infrastructure.

  • Strengthen the protection of users, funds, and data.

  • Recognize and reward meaningful contributions to our platform’s safety.

Who Can Participate

Anyone with technical or cybersecurity expertise is welcome to join. You don’t need to be a NODO or FailSafe team member — as long as you act responsibly and follow the rules, you’re eligible for rewards.

How to Participate

  1. Identify a Valid Vulnerability Look for security vulnerabilities on NODO’s production systems, APIs, or web applications.

  2. Prepare a Detailed Report Include:

    1. Type and impact of the vulnerability

    2. Steps to reproduce (screenshots, proof-of-concept, or commands)

    3. Affected endpoints or components

  3. Submit Your Report Send your findings to [email protected], cc: [email protected] with the subject line: “Bug Bounty: nodo.xyz”

  4. Wait for Review FailSafe will acknowledge your submission within 48 hours and begin triage.

  5. Receive Your Reward Once the issue is verified and fixed, rewards will be paid based on severity and report quality.

Reward Structure

Severity

Example Impact

Reward (USD)

Critical

Direct fund loss or permanent system compromise

To be confirmed (case by case)

High

Major loss of control or fund freeze

$5,000 – $10,000

Medium

Temporary service impact or limited oracle manipulation

$500 – $5,000

Low

Informational or non-exploitable issue

Recognition or special rewards

Final reward decisions are made jointly by FailSafe and NODO based on impact and quality.

Rules of Engagement

To qualify for rewards, participants must:

  • Avoid exploiting vulnerabilities beyond proof-of-concept.

  • Never access or modify user data.

  • Avoid any action that degrades service or impacts other users.

  • Keep findings confidential until the issue is resolved.

  • Use only your own test accounts or data.

Violations of these principles may disqualify your submission.

Our Commitment

  • Legal Safe Harbor: Researchers acting in good faith and following the rules will not face legal action.

  • Confidential Handling: Reports are reviewed privately, and researchers may request public acknowledgment once resolved.

  • Continuous Improvement: Every valid submission helps make NODO more secure for the entire community.

Contact

If you’ve found a security issue or have any questions about the program: Email: [email protected], cc: [email protected] Subject: Bug Bounty: nodo.xyz

PreviousLeveling Up NODO CommunityNextUser Policy

Last updated