# CLMM bug bounty details

**Raydium’s full bug bounty program with Immunefi** can be found at: <https://immunefi.com/bounty/raydium/>

***

#### Documentation <a href="#documentation" id="documentation"></a>

* [Raydium CLMM v3 overview document](https://github.com/raydium-io/raydium-docs/blob/master/dev-resources/raydium-clmm-dev-doc.pdf)

***

#### Testnet reference <a href="#testnet-reference" id="testnet-reference"></a>

A public Solana testnet deployment exists at:

<https://explorer.solana.com/address/proKtffCScMcwkFkPHFcuHawN7mWxRkhyh8PGxkTwYx>

> Public testnets are provided for reference only. **Testing on public testnets or mainnet is prohibited.** All testing must be conducted on private test environments.

***

#### Assets in scope <a href="#assets-in-scope" id="assets-in-scope"></a>

Only contracts listed in the repository below are considered in scope for the CLMM bug bounty:

* <https://github.com/raydium-io/raydium-clmm>

If a **critical impact** affects any other Raydium-managed asset not listed here, but the impact matches those defined in the bug bounty overview, it may still be submitted for consideration.

#### Disclosure and contact <a href="#disclosure-and-contact" id="disclosure-and-contact"></a>

For vulnerabilities not submitted via Immunefi, please email:

📧 **<security@reactorlabs.io>**

Include:

* A detailed description of the attack vector
* A proof of concept for high and critical severity issues

The team will respond within **24 hours** with next steps or follow-up questions.