# Responsible Disclosure RAX Protocol is committed to the responsible disclosure and remediation of security vulnerabilities. *** #### Scope Responsible disclosure applies to vulnerabilities in RAX Protocol smart contracts, the vault and strategy adapter system, API and data handling, allocation and risk engine logic, and user-facing applications. Issues affecting external protocols (Aave, Compound, etc.) should be reported to their respective maintainers. #### How to Report If you believe you have identified a security vulnerability, please report it privately. Reports should include a clear description, steps to reproduce, potential impact assessment, and any relevant proof of concept. Do not publicly disclose vulnerabilities before remediation or coordination. #### Process Upon receiving a report, RAX will acknowledge receipt, assess severity and impact, work to validate and remediate, and coordinate disclosure timing. All reports are handled promptly. #### Bug Bounty A formal bug bounty program may be introduced in the future. Until then, responsible disclosure is encouraged and recognition may be provided on a case-by-case basis. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.raxprotocol.xyz/security/responsible-disclosure.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.