# Bug Bounty

The PancakeSwap bug bounty program is focused around our smart contracts, websites, and apps with a primary interest in the prevention of loss of user funds, either by direct draining of locked funds or social engineering attacks by redirecting users or forcing them to sign a transaction.

{% embed url="<https://immunefi.com/bounty/pancakeswap/>" %}

**Smart Contracts and Blockchain**\*

| Level    |                      |
| -------- | -------------------- |
| Critical | up to USD $1,000,000 |
| High     | USD $40,000          |
| Medium   | USD $5,000           |
| Low      | USD $1,000           |

\*All bug reports must include a Proof of Concept demonstrating how the vulnerability can be exploited to be eligible for a reward. This may be a smart contract itself or a transaction.

**Website and Apps**

| Level      |            |
| ---------- | ---------- |
| Critical\* | USD $7,500 |
| High       | USD $4,000 |
| Medium     | USD $1,500 |

\*XSS reports are restricted to those that have an impact of prompting a user to sign a transaction or a redirect.

All payouts are done by the **PancakeSwap** team and are pegged to the **USD** values set here and are payable in **CAKE** or **BUSD**.