# Bug Bounty
**Titan DEX – Bug Bounty Program (v1.0)**\
\&#xNAN;*Last updated: 19 May 2025*
***
#### 1. Program Overview
Titan DEX—built on the **TON** network—invites security researchers to help protect our smart contracts, web app, and supporting infrastructure. Severity is determined solely by the Titan Security Team, but **rewards will never be less than the amounts below**.
| Severity | Minimum Reward (USD-equivalent) |
| ------------ | ------------------------------- |
| **Critical** | **$1 500** |
| **High** | **$1 000** |
| **Medium** | **$ 250** |
***
#### 2. What We Consider In-Scope
Below are **illustrative examples**. The Security Team reserves final classification.
| Category | Examples of Issues Likely to Qualify\* |
| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Critical** | • Irreversible loss of liquidity or user funds (e.g., drain-or-lock without feasible recovery)
• Bypass of signature / authorization checks
• Remote execution of arbitrary smart-contract code
|
| **High** | • Bugs that temporarily lock or mis-route customer funds but allow full recovery by the team
• Incorrect fee/accounting logic that could be exploited to misallocate funds, provided recovery is possible
• Severe oracle or price-calculation errors that could lead to fund mispricing without direct, irreversible theft
|
| **Medium** | • Smart-contract logic errors with limited financial impact
• Exposure of non-critical user data (e-mail, IP)
|
\* The lists are not exhaustive; any vulnerability with material security impact qualifies.
***
#### 3. Out-of-Scope / No-Reward Examples
* Informational or best-practice issues
* Denial-of-Service solely via gas-limit exhaustion or transaction spam
* Issues already public or previously reported
* Social-engineering, phishing, or physical attacks on Titan staff or users
***
#### 4. Responsible Disclosure
1. **Send reports exclusively to **.
2. Include a clear step-by-step proof-of-concept.
3. Do **not** publish the vulnerability until Titan confirms remediation.
4. Avoid privacy violations, data destruction, and service degradation during testing.
***
#### 5. Reward Determination & Payment
* Rewards are paid in USDT or another mutually agreed asset on TON.
* Exceptional findings may receive higher payouts.
* First valid report of a given issue receives the reward (duplicates ineligible).
* Reporters must comply with all applicable laws and sanctions.
***
#### 6. Legal Notes
* Participation does not create any employment or agency relationship.
* Titan’s decisions on severity, eligibility, and reward size are final.
* By submitting, you grant Titan the right to use your report to improve security.
***
**Thank you for helping secure Titan DEX.**\
Questions? Reach us at ****.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.titan.tg/bug-bounty.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.