# Bug Bounty UXD Protocol is proud to offer a generous bug bounty program in order to align the incentives of users and various security testers. UXD Protocol believes a generous bug bounty program is key to protocol security, as it makes the decisions of white and grey hat hackers more aligned with the users of UXD. ### Program Details The program will initiate at UXD Protocol's launch, on January 18th at 14:00 UTC. Although UXD's smart contracts are not yet open sourced, we will still be awarding any critical issues that may be found. **2% of UXP is allocated to our bug bounty program**, coming from the "Community Fund" token allocation. Eventually, these funds may be redirected towards protocol development if voted on by the forthcoming DAO. We use the below severity guidelines (informed by [Immunefi's classification system](https://immunefi.com/severity-updated/)): ![](/files/uXfGUQTfUapxsFywZMvS) Please direct all bug bounty inquiries to . Please provide a detailed description of the attack vector. If it is possible, we require a demonstrated proof-of-concept on a privately deployed mainnet contract. ### **Other notable exceptions** The following are out of scope for the bug bounty program: * Attacks that the reporter has already exploited themselves, leading to damage and/or loss of funds. * Attacks that the reporter has deployed on a public mainnet which is consequently used by an attacker to exploit, even if the reporter was not the attacker * Attacks requiring access to leaked keys/credentials * Attacks requiring access to other privileged addresses (governance, admin) * Incorrect data supplied by third party oracles (This does not exclude oracle manipulation/flash loan attacks) * Issues arising solely from liquidity * Third party, off-chain bot errors (for instance bugs with an arbitrage bot running on the smart contracts) * Best practice critiques * Sybil attacks --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.uxd.fi/uxdprotocol/resources/bug-bounty.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.