# Crystal Caves Open Beta: Bug Bounty Program {% hint style="warning" %} **Submitting feedback instead of a bug?** Please use this [Google Form](https://forms.gle/K3Z95XcPGFRm53CY9) instead. {% endhint %} ## Bug Bounty Program Overview Crystal Caves (CC) Open Beta invites the community to report bugs and vulnerabilities to ensure a safe gaming environment. Rewards are given for valid findings that help secure our ecosystem starting October 15th, 2024. ## **Scope** The following areas of **Crystal Caves** are in scope: * Smart contracts and on-chain transactions * Game mechanics (e.g., mining, block defogging, ZK-PoW) * Authentication, Platform Integrations, and Web Interface * Point distribution systems. ## **Exclusions** The following will **not** be eligible for rewards: * Vulnerabilities discovered via automated tools. * DDOS attacks. * User enumeration issues without significant security impact. * Vulnerabilities are already covered in CC audits or previously submitted bugs. ## **Submission Process** Submit reports via [Google Form](https://forms.gle/KviM7NYf5GVLo3kx6), including: * Detailed bug descriptions * Screenshots and reproduction steps * Screen recording / Video (Optional) Only the first valid report will be rewarded. **After 48-72 hours of submission, a team member will contact you via the contact information provided in the form.** ## **Severity and Reward Structure** Severity is based on the [Immunefi system](https://immunefi.com/severity-system/), categorized as: * Critical * High * Medium * Low **Rewards (Lumens, USDT)** depend on business impact, report clarity, and reproducibility. ## **Responsible Disclosure Guidelines** * Report vulnerabilities as soon as they are discovered. * Allow a reasonable time for the WORLD3 team to address the issue before public disclosure. * Avoid any disruption to services, privacy violations, or data loss. * Only test using your accounts unless permission is granted. * Do not share or spread details about the vulnerability on social media platforms or other public channels unless explicitly authorized by the WORLD3 team. WORLD3 team reserves the right to disclose vulnerabilities found at its discretion while respecting the researcher's privacy. ## **Fine Print** * Rewards are subject to applicable laws and taxes. * The program terms may sometimes be modified, and changes will not apply retroactively. * Users must comply with the [**WORLD3 Terms of Use**](https://world3.ai/assets/WORLD3%20Terms%20of%20Use.pdf). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.world3.ai/world3/how-to-guides/crystal-caves/crystal-caves-open-beta-bug-bounty-program.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.