# Bug Bounty

The Beanstalk DAO launched a bug bounty program with Immunefi was launched on October 11, 2022.

Basin and its components have been added as in-scope of the program. This bug bounty program is focused on the [Beanstalk](https://bean.money/), Basin and [Pipeline](https://evmpipeline.org/) smart contracts and preventing the loss of user funds. The maximum bounty is **1,100,000 Beans**.

You can find the bug bounty program and submit bug reports [here](https://immunefi.com/bounty/beanstalk):

{% embed url="<https://immunefi.com/bounty/beanstalk/>" %}

In order to be considered for the maximum potential reward, bug reports must come with (1) a Proof of Concept (PoC), and (2) code implementing the fix.

Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of the potential reward outlined below, as determined by the Beanstalk Immunefi Committee (BIC). You can read more about the BIC here:

* [BIC Process](https://docs.bean.money/almanac/governance/beanstalk/bic-process)
* [BICM Dashboard](https://docs.bean.money/almanac/governance/beanstalk/bicm-dashboard)

All vulnerabilities noted in [any audit reports in the Beanstalk Audits repository](https://github.com/BeanstalkFarms/Beanstalk-Audits) (or otherwise known by the BIC, [BCM](https://docs.bean.money/almanac/governance/beanstalk/bcm-dashboard), or [Root DAO Multisig](https://docs.roottoken.org/governance/root-token/rdm-dashboard)) are not eligible for a reward.