> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fullsail.finance/llms.txt
> Use this file to discover all available pages before exploring further.

# Bug Bounty Program

Full Sail operates a targeted, high-severity bug bounty program focused on issues that pose a credible risk to user funds, protocol logic, or core contract integrity. This program is designed to reward meaningful contributions that enhance the safety and resilience of the protocol.

## **In-Scope Targets**

* All deployed Full Sail DEX smart contracts
* Frontend vulnerabilities that can lead to:
  * **User fund misdirection**
  * **Arbitrary contract calls**
  * **Manipulation of swaps/liquidity position state**

## **Out-of-Scope Submissions**

* Email spoofing
* Social engineering or phishing tricks
* Broken links, typos, UI polish issues
* “Best practices” suggestions with no exploitable vector

If it doesn’t affect funds or critical user interactions, it isn’t considered for rewards.

## **Reward Tiers**

| **Severity** | **Reward Range**             | **Example Bugs**                                                                                           |
| ------------ | ---------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Critical** | **5,000 USDC – 25,000 USDC** | Full asset drain, bypass of swap/LP limits, price manipulation via logic flaw, contract ownership takeover |
| **High**     | **1,000 USDC – 5,000 USDC**  | Locked funds, incorrect accounting, ability to grief LPs or force mispriced trades                         |

All rewards are paid in **USDC**.

## **Submission Requirements**

To be considered for a reward, reports must include:

* A **clear description** of the bug
* Step-by-step **reproduction instructions** (e.g. code snippet or testnet transaction)
* Explanation of the **impact** (financial, functional, or security)
* Suggested fix (optional, but helpful)

Incomplete or vague submissions will not be considered.

## **Disclosure Policy**

All reports must be submitted privately via [feedback@fullsail.finance](mailto:feedback@fullsail.finance)

**Do not publish exploits, proof-of-concepts, or technical details until the issue has been patched or confirmed as safe. Public disclosure before official response will forfeit eligibility and may result in blacklisting from future programs.**