The mission of the Jackal Protocol is to deliver the fundamental human rights of accessible data security and privacy to the Internet’s citizens without compromise. One of this mission’s core tenants is proactively identifying and resolving security vulnerabilities.
As the development pipeline for the Jackal Protocol is in perpetual motion, so should our security testing and bounty programs.
The Jackal Bug Bounty Program exists to reward hackers who discover bugs on the Jackal Protocol and products. To be eligible for a reward, hackers and security researchers must responsibly disclose them. Responsible disclosure includes adhering to strict confidentiality and not publishing sensitive information in public, on Github, or by any means that would compromise this program’s operational security.
Compensation is rewarded in either JKL, USDC, or USDT cryptocurrencies.
The compensation plan for this bounty program is relative to impact, risk, the likelihood of the exploit, and report quality. To ensure standardization and fairness, compensation is based on the standardized CVSS framework to score reports. Scoring will be conducted by a representative from Jackal Labs, the Jackal Foundation, or an agreed-upon third party.
There is no maximum program reward. We have left the maximum program reward without a ceiling as we value the disclosure of severe bugs and the tireless work of hackers in an ever-changing digital landscape. At our discretion, we may reward creative low-tier bugs or high-quality reports at a higher tier than determined by the CVSS framework.
Teams can request the bounty to be split amongst multiple parties.
If a bug report for the same bug is submitted multiple times, the bug bounty will be rewarded to the party that submitted the first bug report in chronological order.
*.jackalprotocol.com*.jackallabs.com*.jackaldao.com*.jackal.email*.jackal.network*.jackalstorage.com
This program aims to encompass a full range of bugs that can demonstrate a security risk.
A team member will provide a first response within 48 hours of submitting the bug report and keep the reporter updated throughout the patch and reward process.
If you have found a bug, please disclose a bug report by emailing it to security[at]jackallabs.io. Responsible disclosure of a bug includes adhering to strict confidentiality and not publishing sensitive information publicly, on Github, or by any means that would compromise this program’s operational security.
Any activities conducted in a manner consistent with the policies outlined by this bug bounty program will be considered authorized conduct. Jackal Labs and the Jackal Foundation will NOT initiate legal action against hackers or security researchers that abide by the policies of this program. If a third party initiates legal action against you concerning activities protected by this policy, Jackal Labs and the Jackal Foundation will issue a public statement that your actions were in compliance with this policy.
Jackal Labs and the Jackal Foundation reserve the right to modify or cancel the Jackal Bug Bounty Program at anytime. Hackers and security researchers that have bug reports submitted before changes are made to this program and were not rewarded until after changes occur will have their bounty rewarded relative to the version of the program published at the time of bug report submission.
Thank you for helping keep the Jackal Protocol secure and safe in perpetuity. Your only crime is that of curiosity, and you shall be rewarded within the program outlined here.
"You may stop an individual, but you can't stop us all... after all, we're all alike" The MentorJanuary 8, 1986