# Bug Bounties ## Immunefi Bounty Program ALEX maintains the quality and security of the ecosystem through different means. One of them is the [Immunefi Bug Bounty Program](https://immunefi.com/bounty/alex/). If you are interested in participating and detecting vulnerabilities to earn rewards, head over to the ALEX section on Immunefi, or continue reading to find out more. ### Overview The Immunefi Bug Bounty Program is designed to incentivize security researchers to find and report vulnerabilities in the ALEX ecosystem. By participating, ethical hackers help ensure the integrity and safety of ALEX’s smart contracts, infrastructure, and overall platform security. ### Rewards The bounty rewards are paid in ALEX, and they are based on the severity of the discovered vulnerability. Immunefi follows the industry-standard Common Vulnerability Scoring System (CVSS) to classify bugs into different levels: * **Critical:** Highest payout, affecting key smart contracts or assets at risk * **High:** Affects platform stability or user funds, but with mitigations * **Medium:** Potential exploits with limited impact * **Low:** Minor vulnerabilities with little to no security risk Exact reward amounts may vary based on the severity, impact, and quality of the report. ### Requirements * **Proof of Concept (POC):** A clear explanation and working proof-of-concept (PoC) demonstrating the impact of the vulnerability must be provided. * **Official disclosure:** Report vulnerabilities through the official Immunefi platform. Public disclosure before resolution disqualifies the submission. * **Testing on local forks:** No testing should be done on either the ALEX mainnet or testnet. Use local forks of either of those networks * **Novelty of vulnerabilities:** Vulnerabilities must not have been included in [prior audits](/developers/alex-contracts/security-audit.md) For additional requirements and prohibitions, please refer to the [Immunefi page](https://immunefi.com/bounty/alex/). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.alexlab.co/developers/resources/bug-bounty.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.