Ecosystem
Bug Bounty
Help Us Build a Safer Platform
Security is fundamental to Kash’s mission. We encourage community members and security researchers to report vulnerabilities responsibly. Security contributions may be eligible for recognition and rewards through our Community Incentives program.
Security Reporting
What to Report
What to Report
Security Issues We Want to Know AboutCritical Security Issues:
- Smart contract vulnerabilities affecting user funds or market integrity
- Wallet security issues related to MPC technology or account access
- Market resolution problems that could lead to incorrect payouts
- Bot security vulnerabilities in @kash_bot interactions
- Authentication bypasses or unauthorized access methods
- Transaction manipulation or incorrect fee calculations
- Data privacy issues or information disclosure vulnerabilities
- Oracle manipulation or resolution system exploits
- API security vulnerabilities in platform endpoints
- Database security issues or data exposure risks
- Network security problems affecting platform availability
- Integration vulnerabilities with Base network or third-party services
How to Report
How to Report
Responsible Disclosure ProcessContact Information:What to Include:
- Security Email: [email protected] for all security-related reports
- Response Time: We aim to acknowledge reports within 24 hours
- Investigation: Security team will investigate and provide updates
- Resolution: We’ll work with you to understand and fix the issue
- Detailed description of the security issue
- Step-by-step reproduction instructions
- Impact assessment and potential consequences
- Supporting evidence like screenshots or transaction hashes
Security Guidelines
How to Test Safely and ResponsiblyAcceptable Testing:
- Use test accounts for security research when possible
- Limit testing scope to avoid disrupting other users
- Document findings thoroughly for clear reporting
- Respect user privacy and avoid accessing personal data
- Start with low-impact tests before attempting more complex exploits
- Use minimal data necessary to demonstrate the vulnerability
- Avoid automated scanning that could impact platform performance
- Test on testnets when possible to avoid mainnet risks
- Don’t access other users’ accounts or private information
- Don’t disrupt platform services or availability
- Don’t perform large-scale automated attacks
- Don’t publicly disclose vulnerabilities before reporting them
Community Contribution
Recognition and Rewards
Recognition and Rewards
How We Recognize Security ContributionsCommunity Recognition:
- Public acknowledgment for significant security contributions
- Security contributor status and community recognition
- Direct collaboration with development team on improvements
- Contribution tracking for ongoing security research
- $KASH token rewards for verified security contributions through Community Incentives
- Priority access to new features and beta testing opportunities
- Enhanced platform privileges for trusted security researchers
- Networking opportunities with development and security teams
- Impact assessment determines the significance of contributions
- Quality of reporting and responsible disclosure practices
- Collaboration and assistance with resolution efforts
- Community benefit and protection of user funds
Ongoing Collaboration
Ongoing Collaboration
Building Long-term Security PartnershipsSecurity Community:
- Regular communication with active security researchers
- Feedback integration on security improvements and features
- Early access to new features for security evaluation
- Community forums for security discussion and collaboration
- Skill building through real-world security research
- Portfolio development with verified security contributions
- Industry networking with security professionals
- Career opportunities in blockchain and DeFi security
- Continuous security enhancement through community input
- Proactive vulnerability identification and resolution
- Security best practices development and documentation
- Industry leadership in prediction market security
Advanced Security Research
Circuit Audits and Multi-Prover Models
Circuit Audits and Multi-Prover Models
Advanced Security for High-Stakes MarketsCircuit Audit Process:
- Tier 1 Audits: Standard security review for all circuits by established firms
- Tier 2 Audits: Enhanced review for high-value market resolution circuits
- Tier 3 Audits: Formal verification and mathematical proof of circuit correctness
- Continuous Monitoring: Ongoing security assessment of deployed circuits
- Redundant Verification: Multiple independent provers for critical market resolutions
- Consensus Mechanisms: Majority agreement required for high-stakes outcomes
- Prover Diversity: Different implementations to avoid systematic vulnerabilities
- Fallback Systems: Alternative resolution methods if primary provers fail
- Volume Thresholds: Markets with >$100K total volume get enhanced security
- Public Interest: Markets with significant social or economic impact
- Complexity Assessment: Markets requiring sophisticated data analysis
- Risk Evaluation: Markets with potential for manipulation or disputes
- Fault Tolerance: System continues operating even if individual components fail
- Attack Resistance: Multiple independent systems must be compromised simultaneously
- Verification Confidence: Mathematical certainty of resolution correctness
- Transparency: All audit reports and verification proofs publicly available
- Circuit Analysis: Review zero-knowledge circuit implementations
- Prover Verification: Test multi-prover consensus mechanisms
- Audit Process: Participate in formal verification processes
- Security Testing: Evaluate high-stakes market security measures
Getting Started
For Security Researchers
For Security Researchers
How to Begin Security Research on KashPreparation Steps:
- Study platform documentation to understand system architecture
- Review smart contracts and open source code repositories
- Understand prediction markets and unique security considerations
- Familiarize yourself with Base network and ERC-4337 standards
- Start with documentation review and system understanding
- Identify potential attack vectors and vulnerability classes
- Develop testing methodology that respects platform and users
- Plan responsible disclosure timeline and communication strategy
- Collaborate professionally with the security team
- Document findings thoroughly and clearly
- Suggest practical mitigation strategies when possible
- Maintain confidentiality until issues are resolved
For Community Members
For Community Members
How Regular Users Can Contribute to SecurityEveryday Security Awareness:
- Report suspicious activity or unusual platform behavior
- Share security concerns with the community and support team
- Follow security best practices for account and fund protection
- Stay informed about security updates and best practices
- Watch for phishing attempts and fraudulent communications
- Report fake accounts or impersonation attempts
- Verify information through official channels before acting
- Help educate other users about security risks and protection
- General feedback through support channels and community forums
- Bug reports for non-security issues through normal support
- Feature suggestions that could improve platform security
- Community education and security awareness initiatives
Always report security issues privately to [email protected] before public disclosure. Public disclosure of vulnerabilities before they’re fixed can put user funds and the platform at risk.
Security research is most effective when combined with deep understanding of the platform’s architecture and user needs. Take time to understand how Kash works before looking for potential issues.