> For the complete documentation index, see [llms.txt](https://docs.lagomchain.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.lagomchain.com/security-overview/simple-arrangement-for-funding-upload-safu.md). # Simple Arrangement for Funding Upload (SAFU) The **Simple Arrangement for Funding Upload (SAFU)** defines LagomChain’s post-exploit policy for handling active security vulnerabilities. SAFU is designed to encourage white hat hackers to responsibly return exploited funds while offering a structured bounty system as a reward. ### **Key SAFU Guidelines** * **Legal Protection for White Hats** * Hackers who follow SAFU guidelines will not face legal action. * **Grace Period for Returning Funds** * White hat hackers must return exploited funds to a designated dropbox address within a grace period to qualify for rewards. * **Bounty Rewards for Secured Funds** * A percentage of recovered funds (up to a predefined bounty cap) will be awarded. * Rewards are distributed during the next network upgrade. * **KYC/KYB for High-Value Rewards** * If a reward exceeds a certain threshold, the recipient must complete Know Your Client (KYC) / Know Your Business (KYB) verification. * **Exclusion of Malicious Actors** * Hackers who exploit vulnerabilities for malicious purposes are not eligible for rewards. * **Scope of Eligible Funds** * White hat hackers will not receive rewards for funds retrieved from "Out of Scope Projects" (i.e., projects without their own SAFU program). For full details, visit the LagomChain SAFU Agreement. ### **SAFU Dropbox Address** The **Dropbox Address** is a secure, protocol-controlled wallet where white hat hackers should deposit recovered funds. This address is not controlled by any individual or team—it is fully governed by the LagomChain protocol. #### **LagomChain SAFU Dropbox Address:** * **Bech32 Format:**\ `lagom1c6jdy4gy86s69auueqwfjs86vse7kz3grxm9h2` * **Hex Format:**\ `0xc6A4d255043ea1A2F79CC81c9940FA6433eb0A28` ### **Address Derivation** The Dropbox Address is cryptographically derived using the first 20 bytes of the SHA256 hash of the "safu" string, ensuring immutability and security. ```go goCopyEditaddress = sha256.Sum256([]byte("safu"))[:20] ``` ### **How White Hats Can Secure Vulnerable Funds** 1. Identify the exploit and secure the compromised funds. 2. Transfer the funds to the SAFU Dropbox Address within the Grace Period. 3. Follow the SAFU guidelines to remain eligible for a bounty. ### **How to Claim a Bounty Reward** * Rewards will be distributed during the next network upgrade. * For high-value rewards, KYC/KYB verification is required. ### **Security Recommendations for dApps on LagomChain** LagomChain’s SAFU program does not cover funds from individual dApps. Therefore, all dApps are encouraged to implement their own SAFU mechanisms to protect against security threats. #### **Recommended Implementation:** * Use [SAFU.sol](https://github.com/JumpCrypto/Safu/) from Jump Crypto as a reference for secure fund recovery. ### --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.lagomchain.com/security-overview/simple-arrangement-for-funding-upload-safu.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.