# NODO AI Vault Security Bounty Program

NODO is partnering with FailSafe, a leading Web3 security firm, to launch the NODO Bug Bounty Program — an initiative that invites ethical hackers and security researchers to help us discover and responsibly disclose potential vulnerabilities.

By participating, you’re helping make NODO safer for everyone — and you’ll be rewarded for valid, high-impact findings.

#### Purpose of the Program

The Bug Bounty Program is designed to:

* Encourage responsible security research on NODO’s infrastructure.
* Strengthen the protection of users, funds, and data.
* Recognize and reward meaningful contributions to our platform’s safety.

#### Who Can Participate

Anyone with technical or cybersecurity expertise is welcome to join. You don’t need to be a NODO or FailSafe team member — as long as you act responsibly and follow the rules, you’re eligible for rewards.

#### How to Participate

1. Identify a Valid Vulnerability\
   Look for security vulnerabilities on NODO’s production systems, APIs, or web applications.
2. Prepare a Detailed Report\
   Include:
   1. Type and impact of the vulnerability
   2. Steps to reproduce (screenshots, proof-of-concept, or commands)
   3. Affected endpoints or components
3. Submit Your Report\
   Send your findings to <hello@getfailsafe.com>, cc: <support@nodo.xyz> with the subject line: “Bug Bounty: nodo.xyz”.
4. Wait for Review\
   FailSafe will acknowledge your submission within 48 hours and begin triage.
5. Receive Your Reward\
   Once the issue is verified and fixed, rewards will be paid based on severity and report quality.

#### Reward Structure

| Severity | Example Impact                                          | Reward (USD)                   |
| -------- | ------------------------------------------------------- | ------------------------------ |
| Critical | Direct fund loss or permanent system compromise         | To be confirmed (case by case) |
| High     | Major loss of control or fund freeze                    | $5,000 – $10,000               |
| Medium   | Temporary service impact or limited oracle manipulation | $500 – $5,000                  |
| Low      | Informational or non-exploitable issue                  | Recognition or special rewards |

Final reward decisions are made jointly by FailSafe and NODO based on impact and quality.

#### Rules of Engagement

To qualify for rewards, participants must:

* Avoid exploiting vulnerabilities beyond proof-of-concept.
* Never access or modify user data.
* Avoid any action that degrades service or impacts other users.
* Keep findings confidential until the issue is resolved.
* Use only your own test accounts or data.

Violations of these principles may disqualify your submission.

#### Our Commitment

* Legal Safe Harbor: Researchers acting in good faith and following the rules will not face legal action.
* Confidential Handling: Reports are reviewed privately, and researchers may request public acknowledgment once resolved.
* Continuous Improvement: Every valid submission helps make NODO more secure for the entire community.

#### Contact

If you’ve found a security issue or have any questions about the program:\
Email: <hello@getfailsafe.com>, cc: <support@nodo.xyz>\
Subject: Bug Bounty: nodo.xyz
