# Bug Bounty Frax Finance provides one of the largest bounties in the industry for exploits where user funds are at risk or protocol controlled funds/collateral are at risk. \ \ The bounty is simply calculated as the lower value of 10% of the total possible exploit or $10m worth paid in FRAX+FXS (breakdown at team's discretion). Both tokens are immediately liquid. The bounty will be delivered immediately or a maximum turnaround time of 5 days due to timelock+mitigation. This bounty is a "no questions asked" policy for disclosures and/or immediate return of funds after any incident. \ \ Slow arbitrage opportunities or value exchange over a prolonged period is not applicable to this bounty and will receive a base compensation bounty of 50,000 FRAX (prev FXS) or frxUSD (at team discretion). **Note**: This bounty does not cover any front-end bugs/visual bugs or any type of server-side code of any web application that interacts with the Frax Protocol. The above bug bounty is **only** for smart contract code. Smart contract code on any chain that manages Frax Protocol value and/or user deposited value is included in this bounty.\ \ This bounty applies to all smart contracts deployed by the Frax Deployer addresses including Fraxswap AMM, Fraxlend, and frxETH.\ \ **Submission format**: Please submit your disclosure as a private GitHub gist (gist.github.com) containing your proof-of-concept, write-up, and any relevant code. Share the **private** gist link with the team via the contact channels below — do not send raw zip files or executable attachments. Private gists keep the disclosure confidential while making it easy for our engineers to review the code with proper syntax highlighting, version history, and inline comments. If your PoC requires a full repository structure, you may instead share a private GitHub repo and grant access to the Frax security team upon request. \ **Contacts**: you can reach out anonymously through any communication channel including Twitter, Telegram, Discord, or Signal. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.frax.finance/smart-contracts/bug-bounty.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.