> ## Documentation Index > Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt > Use this file to discover all available pages before exploring further. # Bug bounty programs > Active bug bounty programs for Polygon infrastructure, including platforms, scopes, and reward ranges. ## Active programs ### Agglayer smart contracts **Platform:** Cantina **Scope:** Agglayer smart contracts **Rewards:** Up to \$1,000,000 for critical findings View program on Cantina → *** ### Polygon PoS chain **Platform:** Immunefi **Scope:** Bor client, Heimdall consensus layer, bridge contracts, and staking smart contracts **Rewards:** Up to \$1,000,000 for critical findings View program on Immunefi → *** ### Websites and applications **Platform:** HackerOne **Scope:** Websites, web applications, and APIs related to Polygon Labs developed products **Rewards:** Varies by severity View program on HackerOne → *** ## How to submit a report Before submitting, review each program's scope and rules carefully. Out-of-scope submissions may not qualify for rewards. Each program defines specific in-scope and out-of-scope targets. Confirm your finding falls within the applicable program's scope before proceeding. Search existing reports on the platform to avoid submitting known issues. Include steps to reproduce, an impact assessment, and any proof-of-concept code or evidence. Do not publicly disclose vulnerabilities before they are resolved. Submit through the program platform. ## Other ways to report If your finding does not fit any of the programs above, or if you prefer to report directly, see the [responsible disclosure](/tools/security/disclosure/) page for instructions on how to contact the security team securely. ## Related resources * [Security overview](/tools/security/overview/): Polygon Labs' security practices * [Security reports](/tools/security/reports/): Public security audits and assessments * [Contact security team](/tools/security/contact/): Direct contact information