Program Guidelines

• Respect Privacy and Integrity: Avoid privacy breaches, data loss, or service disruptions, including DoS attacks.
• Responsible Handling: Do not exploit vulnerabilities beyond proving their existence.
• Confidential Reporting: Submit vulnerabilities privately to us.
• No Non-Technical Attacks: Avoid social engineering or phishing.
• Limit Automated Tools: Excessive scanning may lead to IP blocking.
• One Vulnerability Per Report: Unless chaining is required.
• First Come, First Served: Only the first valid report is rewarded.
• Compliance: By participating, you agree to these rules.

Program Scope

• In-Scope: Web: https://nonkyc.io
• Reporting: Email vulnerabilities to [email protected].

Out of Scope

Vulnerabilities outside this scope are typically ineligible unless they pose a major risk.

• Bugs in third-party applications.
• Public login panels without exploit proof.
• Minor data leaks and open redirects.
• Infrastructure misconfigurations (e.g., missing HTTP headers).
• Rate limit bypasses without impact.

Rewards

Rewards in USDT based on severity:

Risk Assessment

• Critical: Full system compromise, data breaches.
• High: Admin access or data manipulation.
• Medium: Disrupting operations or exposing non-critical data.
• Low: Minor issues requiring effort to exploit.

Confidentiality Agreement

Participants must keep all findings confidential until Nonkyc.io provides written consent for disclosure.

Why Participate?

By responsibly reporting vulnerabilities, you help secure our platform while earning rewards for your expertise.

Submit findings to [email protected].