# Bug Bounty Program

OnRe operates an active bug bounty program through [Immunefi](https://immunefi.com). Security researchers and ethical hackers are invited to identify and responsibly disclose vulnerabilities across OnRe's infrastructure.

Issues may be submitted directly through Immunefi or reported privately to the OnRe team. All reported vulnerabilities are reviewed by OnRe's engineering team. Remediation notes and relevant details are published to the OnRe GitHub repository upon resolution.

Learn more about our bug bounty program here: <https://immunefi.com/bug-bounty/onre/information/>.

#### Rewards

Rewards of up to $100,000 are available and are determined by the potential impact of the vulnerability, as defined below. Payouts are handled by the OnRe team directly and are denominated in USD. However, payments are done in USDC.

| Threat Level | Reward                                  |
| ------------ | --------------------------------------- |
| Critical     | <p>Max: $100,000</p><p>Min: $10,000</p> |
| High         | $5,000                                  |
| Medium       | $2,000                                  |
| Low          | $1,000                                  |

#### KYC Requirement

The provision of KYC is required to receive a reward for this bug bounty program where the following information will be required to be provided:

* Identity Document
* Proof of Address

KYC information is only required on confirmation of the validity of a bug report and will be handled by [Onfido](https://onfido.com/?utm_source=immunefi). Researchers resident in [jurisdictions excluded under OnRe's policy](https://docs.onre.finance/legal/onyc-excluded-jurisdictions?utm_source=immunefi) and researchers in OFAC-sanctioned jurisdictions are not eligible to receive rewards.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onre.finance/technical-resources/security-and-verification/bug-bounty-program.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.