# Bug Bounty The OmniPact Vulnerability Bounty Program primarily targets our smart contracts, websites, and applications, with a main focus on preventing user fund losses, whether through directly stealing locked funds, or through social engineering attacks such as redirecting users or forcing them to sign transactions. > ### Smart contracts and blockchain | Level | ​ | | -------- | -------------------------- | | critical | Up to 1 million US dollars | | tall | Up to $20,000 | | medium | Up to $2,000 | All vulnerability reports must include a proof of concept demonstrating how to exploit the vulnerability to be eligible for a reward. This can be the smart contract itself or a transaction.Websites and applications | Level | ​ | | -------- | --------------- | | critical | 7500 US dollars | | tall | 4000 US dollars | | medium | 1500 dollars | \*XSS reports are limited to those that affect users, prompting them to sign transactions or redirect.All payments are made by the **OmniPact** team,And it is pegged to the U.S. dollar value set here, and can be paid in **PACT** or **USDT**. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.omnipact.io/developers/bug-bounty.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.