Kalmar: Program Info

Triaged by HackenProof

Ended 868 days ago

Kalmar is a decentralized bank powered by non-fungible token technology and advanced gamification models.

In Scope

Target Type Severity Reward
Web Critical Bounty

In Scope

We are looking for evidence and reasons for incorrect behavior of the smart contract, which could cause unintended functionality:

  • Stealing or loss of funds
  • Unauthorized transaction
  • Transaction manipulation
  • Attacks on logic (behavior of the code is different from the business description)
  • Reentrancy
  • Reordering
  • Over and underflows

Out of Scope

  • Theoretical vulnerabilities without any proof or demonstration
  • Old compiler version
  • The compiler version is not locked
  • Vulnerabilities in imported contracts
  • Code style guide violations
  • Redundant code
  • Gas optimizations
  • Best practice
  • Perform testing only within the scope
  • Test only on private testnet, no testing for third party contracts
  • Only vulnerabilities that can lead to real issues are covered by the bug bounty program
  • In special cases, the size of the award can be increased if the researchers demonstrate how the vulnerability can be used to inflict maximum harm
  • Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission

Critical: 5,000 - 15,000 USDT

High: 1,000 -5,000 USDT

Medium: 500 - 1,000 USDT

Low: 300 USDT

The budget of the Bug Bounty program is $100 000.