KoGaMa Bounty Program

The KoGaMa Bounty Program Is a continuation of the Exploit Reporter Program, it has been announced on the Official KoGaMa Discord Server in 08/20/2020 by Tokeeto.

Description
Help KoGaMa be a better place, and get rewarded in the process!

While you're all straight up awesome at reporting those in-game bugs, and letting us know what works and what doesn't, other parts of KoGaMa is a bit more boring and dry. In light of recent events, we're opening up the Bountry Program.

The mission
Find an exploit on friends.kogama.com, describe how it can be reproduced, and send us an email at bounty@kogama.com.

The type of exploits we're looking for with this program is limited to:

- Account security (gaining access to other accounts or restricted data)

- Financial security (circumventing payment, gaining unauthorized gold, or removing it)

- Infrastructure (shutting down servers, incurring downtime)

We're NOT looking for:

- Bugs related to the game (such as in-game cheat tools, immortality, odd respawns, and so on)

- Features that contains non-security error (such as chats being sent double, or delayed)

- Names of hackers

Due to the nature of these bugs, discussions of these bugs must be limited to voice chats and mails to and from bounty@kogama.com. You should always make sure that no one is gaining knowledge about these exploits before we can fix the problem. Failure to do so, may be seen as nefarious.

Caveats
This program does NOT give the right to hack other players or DDoS the server. If it happens, however, while looking for an vulnerability, simply report it to bounty@kogama.com or the mods on Discord, and we'll fix it. You should attempt to hack your own accounts or accounts created for the purpose of being hacked. If you intend to crash or wipe the server completely, let us know ahead of time.

Rewards
They have rewards/badges for 3 categories:

- Data security

- Monetary security

- Infrastructural security

Data security: Awarded for discovering exploits that can lead to unauthorized access to accounts, and other data. Account hacking is covered by this category.

Monetary security: Awarded for discovering exploits related to money, payment, gold and other currencies.

Infrastructural security: Awarded for discovering exploits related to server stability, file uploads, or other "spammy". Other exploits, not covered by the 3 primary categories, will most likely also be awarded this badge if we can't find a better fit.

And remember: Do not hack others, security testing only allowed on friends.kogama.com, and only against your own accounts.''' For any server stability/vulnerability you may find, or try to exploit, the devs (that's Tokeeto) has to be notified ahead of time, so they can stand by to bring the server back up.

Translations

Portuguese