# Remedy Code Of Conduct

When participating in programs on Remedy (hereinafter the "Platform"), all Security Researchers are expected to support our community values by following the Remedy Code of Conduct (CoC). This CoC adds to the [General Terms and Conditions](https://docs.r.xyz/legal-notices/) that researchers agree to upon creating an account.

Some programs may also include specific rules of engagement or conduct within their policies, which can be enforced through program-level sanctions. Therefore, Security Researchers must review the program policies before engaging in any program.

It should also be noted that the Enforcement Measures described herein might be enforced more strictly than described below if they occur in combination or are affected by other case-specific conditions.

## 1. CoC Violations

<details>

<summary>1.1 Unethical Behavior</summary>

Security Researchers must act professionally and ethically. \
The definition of unethical behavior includes, but is not limited to:

1. Begging for a Bounty reward that is not owed to the Security Researcher based on the terms of the Program.
2. Requesting gas fees from the Platform or the Program.
3. Disputing a Report after it has been paid or marked as closed, except for requesting mediation.
4. Falsely claiming that a bug report affects an Asset in scope when it does not.
5. Exaggerating the severity of a Report to receive a higher Bounty pay-out.
6. Underreporting or misrepresenting vulnerabilities to receive a higher Bounty.

</details>

<details>

<summary>1.2 Abusive Behavior/Harassment</summary>

1. Conducting attacks based on personal characteristics, such as race, gender, religion, or sexual orientation.
2. Engaging in harassment or abusive communication with the Program, the Platform, or other Security Researchers.

</details>

<details>

<summary>1.3 Unsafe Testing/Service Degradation</summary>

Security Researchers must not perform unsafe testing without prior authorization. This includes (but is not limited to):

1. Testing with live or public testnet contracts without permission from the Program.
2. Conducting automated testing that generates excessive traffic on the Program owner's platform.
3. Attempting to exploit or attack the project on the Platform.
4. Accessing sensitive information beyond what is necessary to submit the bug report or conduct mediation.
5. Impacting the stability of customer systems outside of posted testing policies.
6. Contributing fixes to the Program's repository without obtaining explicit permission.

</details>

<details>

<summary>1.4 Irresponsible disclosure</summary>

1. Revealing the Report or its existence to the public before the Program has addressed and compensated it and fixed the bugs revealed in the report.
2. Revealing the Report to the public before 45 days have passed since the Project determined it was out of scope or did not require a fix.
3. Revealing a Report that is considered a duplicate or already known to the Program.
4. Revealing a valid Report accepted by the Program and for which the Bounty was paid without the prior written confirmation of the Program owner.
5. Disclosing sensitive information beyond what is necessary to submit the bug report or conduct mediation.
6. Publishing content that violates the law or when communicating with the Program.

</details>

<details>

<summary>1.5 Communicating with the Program Team Outside Of The Platform</summary>

1. All communication between the Security Researcher and the Project must be conducted through the platform's built-in features (e.g., chat). Any communication concerning the Programs published on the Platform conducted outside the Platform will be considered a breach of this CoC.

</details>

<details>

<summary>1.6 Theft of Intellectual Property</summary>

1. Upon accepting the Report and subsequently closing its status, the Security Researcher acknowledges that the report's ownership is transferred to the Program owner. This transfer occurs when the Security Researcher receives the Bounty and doesn’t protest the case within 7 days after the transfer.

</details>

<details>

<summary>1.7 Social Engineering</summary>

1. Phishing or conducting other social engineering attacks against the Program or the Platform is strictly prohibited.

</details>

<details>

<summary>1.8 Extortion/Blackmail</summary>

1. Engaging in extortion, blackmail, or threats of extortion/blackmail against the Program or any of its members.
2. Threatening to exploit/attack the Program or the Platform.
3. Threatening violence against the Program, Platform, or any of its members or other Security Researchers.
4. Threatening to publish or publishing people's personal information without their consent.
5. Pretending to be other Security Researchers.

NOTE: A breach of this section will most probably lead to criminal prosecution.

</details>

<details>

<summary>1.9 Spamming</summary>

Spam includes any report or communication that is incomprehensible, AI-generated without meaningful human review, abusive, or harassment-based in nature. This also covers any attempt to use the platform to promote, advertise, or sell products or services.

</details>

<details>

<summary>1.10 Irresponsible Use of Remediation Requests</summary>

The Remediation Request feature is available on reports submitted to non-triaged programs. It allows researchers to escalate to the Remedy team when communication with the organization is not progressing as expected. This function can only be used once per report and is intended solely as a last resort for resolving genuine communication breakdowns.

Irresponsible use includes, but is not limited to:

* Submitting a remediation request without a legitimate reason or prior attempt to resolve the issue directly with the organization
* Using the feature as a routine follow-up tool rather than a last-resort escalation
* Submitting a remediation request to pressure or fast-track a response outside of normal program timelines
* Exploiting the feature to repeatedly involve the Remedy team in disputes that do not warrant escalation

</details>

## 2. Enforcement Measures

<table><thead><tr><th>Point #</th><th width="213">Incident</th><th width="137">1st violation</th><th width="137">2nd violation</th><th width="141">3rd violation</th><th width="152">4th violation</th><th width="136">5th violation</th></tr></thead><tbody><tr><td>2.1</td><td><strong>Unethical Behavior</strong></td><td>Educational</td><td>1st Warning</td><td>Final Warning</td><td>Temporary ban (1 month)</td><td>Permanent ban</td></tr><tr><td>2.2</td><td><strong>Abusive Behavior/Harassment</strong></td><td>Final Warning</td><td>Temporary ban (1 month)</td><td>Permanent ban</td><td></td><td></td></tr><tr><td>2.3</td><td><strong>Unsafe Testing/Service Degradation</strong></td><td>1st Warning</td><td>Final Warning</td><td>Temporary ban (1 month)</td><td>Permanent ban</td><td></td></tr><tr><td>2.4</td><td><strong>Irresponsible disclosure</strong></td><td>Temporary ban (1 month)</td><td>Permanent ban</td><td></td><td></td><td></td></tr><tr><td>2.5</td><td><strong>Communicating with the Program Team Outside Of The Platform</strong></td><td>Educational</td><td>Final Warning</td><td>Temporary ban (1 month)</td><td>Permanent ban</td><td></td></tr><tr><td>2.6</td><td><strong>Theft of Intellectual Property</strong></td><td>Temporary ban (1 month)</td><td>Permanent ban</td><td></td><td></td><td></td></tr><tr><td>2.7</td><td><strong>Social Engineering</strong></td><td>Permanent ban</td><td></td><td></td><td></td><td></td></tr><tr><td>2.8</td><td><strong>Extortion/Blackmail</strong></td><td>Permanent ban</td><td></td><td></td><td></td><td></td></tr><tr><td>2.9</td><td><strong>Spamming</strong></td><td>Educational</td><td>1st Warning</td><td>Final Warning</td><td>Temporary ban (1 month)</td><td>Permanent ban</td></tr><tr><td>2.10</td><td><strong>Irresponsible Use of Remediation Requests</strong></td><td>1st Warning</td><td>Final Warning</td><td>Temporary ban (1 month)</td><td>Permanent ban</td><td></td></tr></tbody></table>

