> ## Documentation Index
> Fetch the complete documentation index at: https://docs.oaknetwork.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Bug Bounty Program

Oak Network runs a bug bounty program to encourage security researchers to find and report vulnerabilities in our protocol.

## Program Scope

### In Scope

* Smart contracts on Celo mainnet
* Protocol logic and implementation
* Integration vulnerabilities
* Frontend security issues

### Out of Scope

* Social engineering attacks
* Physical attacks
* Issues in third-party dependencies
* Issues already known to the team

## Vulnerability Severity

### Critical (Up to \$10,000)

* Direct theft of funds
* Protocol manipulation
* Complete system compromise

### High (Up to \$5,000)

* Significant fund loss
* Protocol functionality bypass
* Privilege escalation

### Medium (Up to \$2,000)

* Limited fund loss
* Information disclosure
* Denial of service

### Low (N/A, but appreciated)

* Minor issues
* UI/UX problems
* Documentation issues

## Reporting Process

### 1. Discovery

* Find a potential vulnerability
* Verify the issue
* Document the impact

### 2. Report

* Email: [security@oaknetwork.org](mailto:security@oaknetwork.org)
* Include detailed description
* Provide proof of concept
* Suggest remediation

### 3. Response

* Acknowledgment within 24 hours
* Initial assessment within 72 hours
* Resolution timeline provided

### 4. Resolution

* Issue fixed and verified
* Reward processed
* Recognition provided

## Responsible Disclosure

### Guidelines

* Do not publicly disclose until fixed
* Do not exploit vulnerabilities
* Do not access others' data
* Follow responsible disclosure timeline

### Timeline

* 30 days for initial response
* 90 days for resolution
* Public disclosure after fix

## Rewards

### Payment

* Rewards paid in USDC
* Minimum reward: \$100
* Maximum reward: \$10,000
* Payment within 30 days of resolution

### Recognition

* Hall of fame listing
* Social media recognition
* Conference speaking opportunities
* Community appreciation

## Next Steps

* [Security Overview](/security/overview) - Complete security documentation
* [Security Best Practices](/security/best-practices) - Security guidelines
* [Security Checklist](/security/checklist) - Pre-deployment checklist
