# Bug Bounties

Scope: Issues which can lead to substantial loss of money, critical bugs like a broken live-ness condition or irreversible loss of funds.

Disclosure policy:

* Let us know as soon as possible upon discovery of a potential security issue.
* Provide us a reasonable amount of time to resolve the issue before any disclosure **to the public or a third-party.**

Exclusions:

* Already known vulnerabilities.
* Vulnerabilities in front-end code not leading to smart contract vulnerabilities.

Eligibility:

* You must be the first reporter of the vulnerability
* You must be able to verify a signature from same address
* Provide enough information about the vulnerability

Bounty payout:<br>

| Likelihood     | Low Severity | Medium Severity | High Severity |
| -------------- | ------------ | --------------- | ------------- |
| Almost Certain | $10,000.00   | $50,000.00      | $250,000.00   |
| Possible       | $1,000.00    | $10,000.00      | $50,000.00    |
| Unlikely       | $1,000.00    | $1,000.00       | $10,000.00    |

Contact:<contact@convexfinance.com>