NEVERDIE is a driving force in Virtual Pop Culture and the economics of the Virtual goods market, Setting and breaking numerous Guinness World Records since 2004 for the Most Valuable Virtual items.
NEVERDIE is a driving force in Virtual Pop Culture and the economics of the Virtual goods market, Setting and breaking numerous Guinness World Records since 2004 for the Most Valuable Virtual items. NEVERDIEs Virtual World partnerships include Michael Jackson and Universal Studios and leading Virtual Worlds and MMOs including Entropia Universe and Shroud of the Avatar.
NEVERDIE launched the NEVERDIE Coin (NDC) and the Teleport token (TPT) in 2017 to unite virtual worlds and online games on the blockchain with interoperable virtual goods.
In 2018 NEVERDIE launched Dragon King the first blockchain strategy game to utilize NDC and TPT and the NEVERDIE crypto gaming wallet and API to support developers to integrate NDC and TPT into the next generation of online games.
In the web services and Neverdie web applications that store or process personal information of users. Personal information is, for example, logins and passwords, correspondence, order history and payment. Turn your attention that the program includes ONLY resources that are listed below:
API description: https://neverdie.io/docs/api.html
Vulnerabilities are critical gaps and technical flaws in systems that can violate the integrity, availability or confidentiality of user’s information, as well as change access rights to it.
We are interested in next web vulnerabilities:
We appreciate your efforts in taking out time and pointing it out to us, it helps us be better in our approach. While we are very thankful for your efforts, we don’t want them to go unrewarded. Eligible bug rewarded based on the CVSSv3 severity and we set next payout range:
Severity (CVSSv3) | Reward
Critical | 13746 HKN
High | 8247 HKN
Medium | 2749 HKN
Low | 916 HKN
In special cases, the size of the award can be increased if the researchers demonstrate how the vulnerability can be used to inflict maximum harm.
Automated scanners that generate massive network traffic volumes and may affect system performance are prohibited.
In general, the following vulnerabilities do not correspond to the severity threshold: This section contains problems that are not accepted in this competition, because they are malicious and / or because they have a low impact on security.
- Host Header
- Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
- Certificates/TLS/SSL related issues
- DNS issues (i.e. mx records, SPF records, etc.)
- Server configuration issues (i.e., open ports, TLS, etc.)
This program have been found on Hackenproof on 2018-10-15.