# Security Policy *Last Updated: May 27, 2026* {% hint style="info" %} Sol Incinerator is committed to the security of its on-chain programs and platform. We welcome good-faith reports from the security research community and are committed to working with researchers to verify and address any vulnerabilities that are reported to us. {% endhint %} ### 1. Reporting a Vulnerability *** If you believe you have identified a security vulnerability in Sol Incinerator’s smart contracts or platform, please report it by emailing . Your report should include: * A clear description of the vulnerability * Steps to reproduce the issue * Any relevant transaction IDs, program addresses, or proof-of-concept code * An assessment of potential impact, if possible We review all reports and will respond to credible submissions as soon as reasonably practicable, keeping you updated on remediation progress through to resolution. ### 2. Responsible Disclosure *** We ask that security researchers adhere to the following guidelines: * Do not exploit any vulnerability beyond what is strictly necessary to demonstrate its existence * Do not access, modify, or exfiltrate other users’ funds or data * Do not disclose the vulnerability publicly until we have had a reasonable opportunity to investigate and deploy a fix * Do not conduct testing against our production systems in a way that degrades service for other users Researchers who act in good faith in accordance with these guidelines will not be subject to legal action by Sol Incinerator in connection with their research. ### 3. Bug Bounty *** We pay bounties at our discretion after verifying the reported issue, up to 10% of demonstrated value at risk. Bounties are subject to the following conditions: * The vulnerability must be disclosed to Sol Incinerator under coordinated disclosure — details must not be shared with any third parties until a fix has been deployed and verified by Sol Incinerator * The reporter must not have exploited the vulnerability without our explicit consent * The report must be submitted in good faith with sufficient detail to reproduce and assess the issue Bounty amounts are determined at our sole discretion based on severity, demonstrated impact, and quality of the report. We will communicate our decision directly to the reporter following our investigation. ### 4. Scope *** **In scope:** Sol Incinerator on-chain programs deployed on Solana mainnet and the sol-incinerator.com web interface. The following are out of scope: * Third-party dependencies and infrastructure not under our direct control * Social engineering or phishing attacks targeting our team or users * Denial-of-service attacks * Issues already known to us or previously reported by another researcher ### 5. Contact *** All security-related correspondence should be directed to . Please do not use this address for general support inquiries. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sol-incinerator.com/security-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.