# Bug Bounties {% hint style="success" %} We take security extremely seriously, and reward whitehat bug finders with rewards based in some combination of KAP or USDC as outlined below. Our smart contracts are based off of OpenZeppelin primitives with our own unique twist, and audited by both Halborn and Ackee. Our full-stack web apps are undergoing continuous pentesting by two different cybersecurity firms. {% endhint %} We rank bugs according to the [CVSS scoring system](https://www.first.org/cvss/calculator/3.0). If you find a bug, you should immediately contact the moderators on Discord, who will direct you to the appropriate parties. We pay out bug hunter based on the severity of the bug, with the following payout schedule: * (0.1 - 1.0) Informational: Up to $250 * (1.1 - 3.9) Low Risk: Up to $750 * (4.0 - 6.9) Medium Risk: Up to $2,500 * (7.0 - 8.9) High Risk: Up to $5,000 * (9.0 - 10.0) Critical: Either up to $25,000 or 2.5% of the funds at risk of permanent loss Payouts may be made either in USDC or in an equivalent amount of native KAP tokens, depending on treasury conditions at the time, and assuming that the individual who provided the information on the bug also assists in its resolution. {% hint style="info" %} Contact us at to place a bug report. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://whitepaper.kap.gg/documentation/bug-bounties.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.