Managed by Hacken


Kalmar is a decentralized bank powered by non-fungible token technology and advanced gamification models.

In Scope

Target Type Severity Reward
Solidity Critical Bounty
Severity (CVSSv3) Reward
Critical 5000$
High 1000$
Medium 500$
Low 300$

In Scope

We are looking for evidence and reasons for incorrect behavior of the smart contract, which could cause unintended functionality:

  • Stealing or loss of funds
  • Unauthorized transaction
  • Transaction manipulation
  • Attacks on logic (behavior of the code is different from the business description)
  • Reentrancy
  • Reordering
  • Over and underflows

Out of Scope

  • Theoretical vulnerabilities without any proof or demonstration
  • Old compiler version
  • The compiler version is not locked
  • Vulnerabilities in imported contracts
  • Code style guide violations
  • Redundant code
  • Gas optimizations
  • Best practice
  • Perform testing only within the scope
  • Test only on private testnet, no testing for third party contracts
  • Only vulnerabilities that can lead to real issues are covered by the bug bounty program
  • In special cases, the size of the award can be increased if the researchers demonstrate how the vulnerability can be used to inflict maximum harm
  • Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission

Critical: 5,000 - 15,000 USDT

High: 1,000 -5,000 USDT

Medium: 500 - 1,000 USDT

Low: 300 USDT