NovaDAX is committed to providing a safe and efficient trading environment and always considers the security of users as the first priority. Therefore, NovaDAX recognizes the importance and value of security researchers’ efforts in helping keep our community safe and encourages responsible disclosure of security vulnerabilities via our bug bounty program (“Bug Bounty Program”) described on this page.
If you discover a bug or potential security risk, Please contact us by email [email protected].
Scope
Our responsible disclosure program covers all our products and services under our direct control:
- com.br
- com
- Android: Play Store NovaDAX app
- iOS: App Store NovaDAX app
Examples of issues that are eligible for rewards:
- User Account Security
- Theft of Funds
- Sensitive Data Exposure
- Broken Trading Functions
Examples of issues that are ineligible for rewards:
- Issues already known to us
- Issues with no (real) security impact (eg: font, image in the site)
- Features suspended due to upgrade
- Social engineering
- Physical security
Reward and how to report an issue
Please send an e-mail to [email protected] with a proof of concept explaining the issue(s) you found.
We will review your submission in 2 weeks after receiving it. The reward is based on the severity of the vulnerability or creativity of the exploitation.