[New Bug Bounty] Nado Has Launched Bug Bounty With Up to $500,000 Reward Per Critical Vulnerability

Meet Nado

Nado is the orderbook DEX harnessing the perfect storm with precision, performance, and control – built on the Ink L2.

Check Out The Rewards

Nado launched 2 new programs, so if you find a vulnerability according to the bounty rules, they will reward you according to these tiers:

In Smart Contract:

• Critical: $50,000 – $500,000
• High: $5,000 – $50,000
• Medium: $2,000 – $5,000
• Low: $50 – $1,000

In the Web target:

• Critical: $5,000 – $10,000
• High: $2,000 – $5,000
• Medium: $500 – $2,000
• Low: $50 – $500

Join The Bounty Hunt

There are Smart Contracts and Web targets to scope!

Make sure your reports contain info about these incidents in Smart Contracts:

• Stealing or loss of funds
• Unauthorized transaction
• Transaction manipulation
• Attacks on logic (behavior of the code is different from the business description)
• Reentrancy
• Reordering
• Over and underflows

Web program has such vulnerabilities in scope:

• Business logic issues that affect the safety of user or protocol
• Business logic issues that result in a misrepresentation of user funds
• Payments manipulation
• Remote code execution (RCE)
• Injection vulnerabilities (SQL, XXE)
• File inclusions (Local & Remote)
• Access Control Issues (IDOR, Privilege Escalation, etc.)
• Leakage of sensitive information
• Server-Side Request Forgery (SSRF)
• Cross-Site Request Forgery (CSRF)
• Cross-Site Scripting (XSS)
• Directory traversal
• Other vulnerabilities with a clear potential loss

To increase your chances of finding a critical bug, read Nado’s docs here.

Once you’re ready, click here to join the bounty hunt!