NEVERDIE launched the NEVERDIE Coin (NDC) and the Teleport token (TPT) in 2017 to unite virtual worlds and online games on the blockchain with interoperable virtual goods.
About Company
NEVERDIE is a driving force in Virtual Pop Culture and the economics of the Virtual goods market, Setting and breaking numerous Guinness World Records since 2004 for the Most Valuable Virtual items. NEVERDIEs Virtual World partnerships include Michael Jackson and Universal Studios and leading Virtual Worlds and MMOs including Entropia Universe and Shroud of the Avatar.
NEVERDIE launched the NEVERDIE Coin (NDC) and the Teleport token (TPT) in 2017 to unite virtual worlds and online games on the blockchain with interoperable virtual goods.
In 2018 NEVERDIE launched Dragon King the first blockchain strategy game to utilize NDC and TPT and the NEVERDIE crypto gaming wallet and API to support developers to integrate NDC and TPT into the next generation of online games.
Scope
Smart contracts addresses from the scope are listed here https://neverdie.io/master-addresses.html
Please, note that if you find a bug in one of the token smart contract you should report it once since it will apply to all of the categories.
What to look for
We are looking for an evidence and reasons of incorrect behavior of the smart contract, which could cause unintended functionality.
We are interested in the following vulnerabilities:
- Reentrancy
- Reordering
- Over and under flows
- Short address attack
- Attacks on logic (behavior of the code is different from business description)
- Missing access control
- Standards violations
- Time dependencies (30 sec is crucial)
- Randomness issues
The size of rewards
We appreciate your efforts in taking out time and pointing it out to us, it helps us be better in our approach.
- Only vulnerabilities which can lead to real issues are covered by the bug bounty program.
- Eligible bug rewarded based on calculated risk, е.g. likelihood vs impact.
- However, it’s entirely at our discretion to decide whether a bug is significant enough to be eligible for reward.
- In special cases, the size of the award can be increased if the researchers demonstrate how the vulnerability can be used to inflict maximum harm.
| Severity | Reward |
|---|---|
| Critical | 2970 USDT(TRC-20) |
| High | 1782 USDT(TRC-20) |
| Medium | 297 USDT(TRC-20) |
| Low | 99 USDT(TRC-20) |
Out-of-Scope
In general, the following vulnerabilities do not correspond to the severity threshold:
- Old compiler version
- Compiler version is not locked
- Vulnerabilities in imported contracts
- Code style guide violations
- Redundant code
- Vulnerabilities in third-party applications
- Gas optimizations
- Obsolete solidity constructions