At TAIKAI, we prioritize the security and privacy of our platform and its users. We recognize the valuable contributions of security researchers in helping us identify and address vulnerabilities.

To foster collaboration and maintain the integrity of our systems, we have established a Security Bug Bounty Program. This program encourages responsible disclosure of security vulnerabilities by rewarding white hat researchers who report valid web security issues to us.

Program Guidelines

1. Scope: The Security Bounty Program covers all TAIKAI digital assets, including but not limited to:
   • TAIKAI website (https://taikai.network)
   • TAIKAI API
   • TAIKAI Blog
   • Backend services
   • Any other digital property managed by TAIKAI Platform
2. Eligibility: Any individual or team can participate in the program, except TAIKAI employees and their immediate family members.
3. Responsible Disclosure: Participants must adhere to responsible disclosure practices. This means:
   • Report any discovered vulnerabilities promptly and privately to TAIKAI.
   • Refrain from disclosing the vulnerability publicly until it has been resolved by TAIKAI.
   • Avoid exploiting the vulnerability for any purpose other than demonstrating its existence.
4. Types of Vulnerabilities: TAIKAI appreciates reports on various security vulnerabilities, including but not limited to:
   • Cross-Site Scripting (XSS)
   • Cross-Site Request Forgery (CSRF)
   • Server-Side Request Forgery (SSRF)
   • Remote Code Execution (RCE)
   • Authentication bypass or privilege escalation
   • Data leakage or exposure
   • Injection vulnerabilities (SQL injection, XML injection, etc.)
   • Business logic flaws
   • Denial of Service (DoS) attacks
   • Smart Contract Vulnerability
5. Exclusions: The following types of vulnerabilities are not eligible for rewards:
   • Denial of Service attacks that do not significantly impact the availability of TAIKAI services.
   • Vulnerabilities are dependent on social engineering or physical access.
   • Vulnerabilities already reported by other researchers or already known to TAIKAI.
6. Rewards: The reward amount will vary depending on the severity and impact of the vulnerability. Rewards will be determined at the discretion of TAIKAI's security team. Typical factors considered include:
   • Severity of the vulnerability
   • Quality of the report (clarity, detail, and reproducibility)
   • Potential impact on TAIKAI's systems or users
7. How to Submit a Report: Participants can submit vulnerability reports by emailing [email protected] . Reports should include:
   • Detailed description of the vulnerability, including steps to reproduce it
   • Proof of concept or demonstration, if applicable
   • Contact information for follow-up communication
8. Response and Resolution: TAIKAI is committed to acknowledging valid reports promptly and working to resolve them in a timely manner. We will maintain open communication with researchers throughout the disclosure and resolution process.
9. Legal Compliance: Participants must comply with all applicable laws and regulations. TAIKAI will not pursue legal action against researchers who act in good faith and adhere to the program guidelines.
10. Final Decision: TAIKAI reserves the right to make the final decision on reward amounts, eligibility, and any other aspect of the Security Bug Bounty Program.

Disclaimer: Participation in the Security Bounty Program is voluntary, and TAIKAI reserves the right to modify or terminate the program at any time without prior notice.