TL;DR
- Policy updates are live on HackenProof (duplicates/repeats, scope incl. *kaia.io exceptional cases, severity/payout rules).
- Only reports labeled “Triaged” by HackenProof proceed in the workflow.
- Updated SLA highlights: triage 3 days, internal review (Protocol 14d / Web 7d), payment within 3 days after fix is pushed to dev/staging.
- For full details + bounty amounts, check the program pages.
What’s changing (high level)
We’ve been tightening the workflow across both bug bounty programs to reduce confusion and improve turnaround predictability.
These policy areas have been updated on the HackenProof pages:
- Duplicate / repeated report handling
- Scope & eligibility clarifications (including *kaia.io exceptional cases)
- Severity/payout rules (bounty amounts are reflected on HackenProof)
Because there are additional details beyond the three items above, please treat the HackenProof pages as the source of truth.
Workflow clarification
- Submit your report via HackenProof
- HackenProof performs platform triage
- Only reports labeled “Triaged” will proceed in the workflow
- If the report is marked Questions / Need-more-information, please reply with the requested details to unblock review
SLA (effective now)
- Platform triage: 3 days
- Internal review: Kaia Protocol 14 days / Kaia Web 7 days
- Payment: within 3 days after the fix is pushed to dev/staging
Links (full details + bounty amounts)
- Kaia Web: https://hackenproof.com/programs/kaia-web
- Kaia Protocol: https://hackenproof.com/programs/kaia-protocol
Questions/status updates
If you want an update on your report, please start here in the thread with:
- Program (Protocol or Web)
- Report ID (from HackenProof)
- Current label/status (e.g., Triaged / Questions / Need-more-information)