# Bug Bounty Program

{% hint style="info" %}
The WNS Bug Bounty program covers the Wen New Standard program and the Wen Royalty Distribution program. As new programs are added, this program will cover these as well. The goal of this program is to promote a legal and profitable means for diagnosing and disclosing security information before
{% endhint %}

## Bounty & Breakdown

Bounties for the bug bounty program are as follows:

<table><thead><tr><th width="168">Severity</th><th>Bounty</th></tr></thead><tbody><tr><td>Critical </td><td>$10,000-$100,000</td></tr><tr><td>High</td><td>$1,000-$5,000</td></tr><tr><td>Low</td><td>$100-$500</td></tr></tbody></table>

The descriptions of the different severity of bugs are as follows:

**Critical -** Significant escalation of Signer privileges or errors in code execution that presents an immediate risk to a significant portion of users.&#x20;

* Loss of funds
* Insertion attacks in transfer hook
* Cryptographic failures

**High -** Attackers can modify critical data or behaviors that they should not be able to access. More narrow in impact than critical or less foundational to the protocol, e.g.

* Modify sensitive data
* DoS of WNS minting
* Supply chain attack on SDK

**Low -** Attackers can violate an expectation for how something is intended to work but allow nearly no escalation of privilege or ability to seriously impact the useability of the protocol. This also includes bugs that result in unintended outcomes for users.

* Incorrect data writes on mint
* Unhandled errors

The actual bounty amount is determined by various factors including but not limited to severity, value at risk, and likelihood of being exploited.

Payouts are done in vesting $WEN on Solana.

## Reporting Bugs

Fill out this report and leave your preferred communication method. A member from the team will get back to you within 48 hours: <https://github.com/wen-community/wen-new-standard/security/advisories/new>&#x20;

## In-Scope

The eligible programs are linked below:

{% embed url="<https://github.com/wen-community/wen-new-standard?tab=security-ov-file>" %}

## Out of Scope Rules


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wenwencoin.com/misc./bug-bounty-program.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.