# Bug Bounty Program

> :::info
For security-related inquiries and vulnerability reports, please contact us at **security@curve.finance**.

# Bug Bounty

:::info
For security-related inquiries and vulnerability reports, please contact us at **security@curve.finance**.

We take security seriously and appreciate responsible disclosure.
:::

## Bug Bounty Payout

| Likelihood ↓ / Severity → | Low | Moderate | High |
| :-: | :-: | :-: | :-: |
| Almost Certain | $10,000 | $50,000 | $250,000 |
| Possible | $1,000 | $10,000 | $50,000 |
| Unlikely | $250 | $1,000 | $5,000 |

## Scope

Issues which can lead to **substantial loss of money**, critical bugs like a **broken liveness condition** or **irreversible loss of funds**.

## Disclosure Policy

- Let us know as soon as possible upon discovery of a potential security issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.

## Exclusions

- Already known vulnerabilities.
- Vulnerabilities in front-end code not leading to smart contract vulnerabilities.

## Eligibility

- You must be the first reporter of the vulnerability.
- You must be able to verify a signature from the same address.
- Provide enough information about the vulnerability.