# Bug bounty program MemeMax is committed to maintaining the security, integrity, and availability of its platform. This Bug Bounty Program is intended to encourage responsible disclosure of security vulnerabilities that may impact MemeMax users, infrastructure, or protocol components. Participation in this program is subject to the terms and conditions set forth below. *** ### Scope #### In-Scope Vulnerabilities The following categories of vulnerabilities may be eligible for rewards if they affect MemeMax in a live or realistically exploitable environment: * Smart contract vulnerabilities that could result in loss of user funds, incorrect state transitions, or violations of core protocol logic * Flaws affecting order execution, margin calculations, liquidation mechanisms, or settlement processes * Infrastructure or network vulnerabilities that could cause platform downtime, degraded performance, or incorrect system behavior * Critical API vulnerabilities that materially impact trading operations or risk management *** #### Out-of-Scope Vulnerabilities The following are not eligible for bounty rewards: * UI/UX issues without security implications * Vulnerabilities in third-party software, services, wallets, browser extensions, or dependencies that do not result in a direct MemeMax security impact * Issues requiring unrealistic user behavior, extreme or impractical market conditions, or social engineering * Vulnerabilities dependent on outdated, unsupported, or modified user devices or software * Theoretical or speculative issues without a demonstrable and reproducible security impact *** ### Submission Requirements All submissions must include sufficient detail to allow MemeMax to independently reproduce the reported issue. A complete submission must include: * A clear description of the vulnerability and its potential impact * Step-by-step reproduction instructions * A proof of concept (PoC), exploit demonstration, or relevant transaction data where applicable * Supporting materials such as logs, screenshots, or videos, if relevant Reports must be submitted via email to: If multiple parties report the same vulnerability, only the first complete and valid submission will be considered. *** ### Reward Structure Rewards are paid in **USDC** and are determined based on the severity, impact, and likelihood of the vulnerability. MemeMax reserves full discretion in vulnerability classification and reward determination. #### Severity Levels and Bounty Ranges * **Critical (up to $25,000)**\ Vulnerabilities that could result in significant loss of user funds, compromise core protocol integrity, or cause systemic failures. * **High (up to $10,000)**\ Issues that materially affect trading, risk controls, or platform availability without directly enabling large-scale fund loss. * **Medium (up to $2,500)**\ Vulnerabilities that impact specific users, APIs, or performance with limited systemic risk. * **Low (up to $500)**\ Issues with constrained impact or requiring significant user interaction to exploit. Reward amounts may vary within each range based on real-world risk and exploitability. *** ### Prohibited Activities The following activities are strictly prohibited and will render submissions ineligible: * Testing on mainnet in a manner that causes or may cause service disruption, loss of funds, or degraded availability * Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks * Phishing, social engineering, impersonation, or physical security attacks * Accessing, modifying, or attempting to access data belonging to other users without authorization * Public disclosure of vulnerabilities prior to remediation and explicit approval * Ransom demands, extortion, or threats * Exploiting vulnerabilities for personal gain beyond the scope of this program All testing must be conducted in good faith and strictly within the defined scope. *** ### Eligibility To be eligible for a bounty reward, participants must: * Be the first to submit a valid and complete report * Comply with any applicable KYC/KYB requirements * Be able to receive USDC payouts * Maintain confidentiality regarding vulnerabilities and communications until authorized disclosure * Not be a current or former MemeMax employee, contractor, or contributor to the affected codebase Submissions via third-party platforms or intermediaries will not be accepted. *** ### Legal Safe Harbor MemeMax agrees not to pursue legal action against researchers who act in good faith, comply with this program, and responsibly disclose vulnerabilities. This assurance does not apply to activities that are malicious, negligent, or outside the scope of this program. *** ### General Terms * MemeMax reserves the right to reject any submission that does not meet program requirements * MemeMax retains sole discretion over vulnerability classification, reward eligibility, and payout amounts * All submitted materials become the property of MemeMax and may be used for security analysis, remediation, or disclosure purposes * Program terms, scope, and reward ranges may be modified or terminated at any time without prior notice --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mememax.com/others/bug-bounty-program.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.