# Bug-Bounty Program OLTA runs an open **bug bounty program** to engage ethical hackers, developers, and security researchers in identifying potential vulnerabilities across its smart contracts and architecture. This program is part of OLTA’s commitment to transparency, defense-in-depth, and continuous improvement. *** #### Scope of Coverage The bug bounty program covers: * Smart contracts handling IRT issuance, NAV calculation, and redemptions * Oracle integration, slippage smoothing, and price feed manipulation vectors * Access control and role-based permissions * Governance-related attack surfaces * UI/API interactions with onchain systems (as applicable) *** #### Reward Tiers Bug rewards are determined by **impact severity** and **exploitability**: | Severity | Example Vulnerability | Reward (in USDC / $OLTA) | | -------- | ------------------------------------------ | ------------------------ | | Critical | Loss of funds, minting bypass, NAV exploit | $10,000+ | | High | Oracle manipulation, mispricing logic | $2,500 – $10,000 | | Medium | Governance misconfig, gas griefing | $500 – $2,500 | | Low | UI/API inconsistencies, non-critical bugs | Up to $500 | *** #### Disclosure Process * Submit findings to: `security@olta.finance` (From Q1 2026) * Include reproduction steps and, if applicable, suggested mitigation * We respond within 5 business days and confirm eligibility and reward tier * White-hat contributors may be publicly credited upon request *** #### Responsible Research Encouraged We welcome collaboration with researchers and firms who share OLTA’s vision for secure, transparent, and composable onchain finance. > Security is a shared responsibility. The bug bounty program gives the community a direct role in protecting OLTA’s ecosystem. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://oltafinance.gitbook.io/oltafinance/security-and-audits/bug-bounty.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.