# Bug Bounty

#### Program fund is 50.000 USD

<h3 align="center">Rewards</h3>

| Level of vulnerability | Amount          |
| ---------------------- | --------------- |
| Critical               | Up to 5.000 USD |
| High                   | 2.000 USD       |
| Medium                 | 500 USD         |

These rewards may be increased in the future.

<h3 align="center">Smart Contracts</h3>

Currently, the scope of the program includes only the CLMM contract. The scope might be extended to other versions in the future.

| Name of Contract | Link                                              |
| ---------------- | ------------------------------------------------- |
| CLMM Contract    | <https://github.com/FlowX-Finance/clmm-contracts> |

The contract version may be updated in the future. Please contact our support team on Discord or Telegram to get access to the scope.

<h3 align="center">Impacts in scope</h3>

Only the following impacts are accepted within this Bug Bounty program. All other impacts are not considered in scope, even if they affect something in the assets-in-scope table.

| Type                                                                                      | Level    |
| ----------------------------------------------------------------------------------------- | -------- |
| Direct theft of any user funds                                                            | Critical |
| Permanent freezing of funds                                                               | Critical |
| Protocol insolvency                                                                       | Critical |
| Theft of unclaimed yield                                                                  | High     |
| Freezing the ability of other users to trade                                              | High     |
| Temporary freezing of funds                                                               | High     |
| Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol) | Medium   |

<h3 align="center">Rules</h3>

The following activities are prohibited by this Bug Bounty program:

* Any testing on mainnet
* Any testing with pricing oracles or third-party Smart Contracts
* Attempting phishing or other social engineering attacks against our employees and/or customers
* Any testing with third-party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
* Automated testing of services that generates significant amounts of traffic
* Any denial of service attacks

<h3 align="center">Non-issues</h3>

The following issues are excluded from the rewards for this Bug Bounty program:

* Lack of liquidity
* Best practice critiques
* Centralization risks
* Issues with information about user balances
* Cases with disguising one asset with another asset
* Issues with precision when providing liquidity: e.g. in certain cases, if you provide liquidity and then burn it right away, you may receive a bit less of one jetton and a bit more of the other one
* Any kind of optimization/logic improvements/coding style improvements
* Issues related to contract deletion caused by inability to pay rent
* Issues related to gas optimisation
* Issues related to loss of funds caused by price slippage: frontrunning, backrunning, sandwich attacks, etc.
* Possible loss of funds when attempting to perform a swap in a non-initialized pool (before successful provideLP)

<h3 align="center">Reports</h3>

To be eligible for a reward, all bug reports must include a Proof of Concept demonstrating how the vulnerability can be exploited. This may be a Smart Contract itself or a transaction. Only reports that meet the requirements will be considered by the experts.

Please send reports to <development@flowx.finance>

