# Platform Rules
In order to facilitate cordial and productive exchanges between protocol customers and whitehats, Sherlock has established a set of rules for whitehats and protocol customers to define proper conduct.
Breaking these rules as a whitehat could result in removal or ban from the Sherlock platform and/or withholding of payout.
Breaking these rules as a protocol team could result in removal from the Sherlock platform and/or provide cause for breakage of the mutually signed agreement.
### Whitehats
#### Ethical Standards
* Adhere to ethical standards and legal guidelines. Any actions that compromise the integrity, privacy, or availability of systems beyond what is necessary for testing are strictly prohibited.
* No harm: Ensure that your testing does not negatively impact users or infrastructure.
* Always default to the assumption that the protocol team has good intentions.
* Do not threaten, blackmail, dox, or otherwise create a negative environment for the protocol customer.
* Do not communicate with the protocol customer outside of the official channel provided by Sherlock
* By submitting a vulnerability through Sherlock, you are agreeing to abide by the outcome of the Sherlock dispute resolution process
#### Testing Environment
* Replicating tests on public mainnet or testnet is prohibited. All testing should be conducted on local forks of either testnet or mainnet.
* Use only authorized environments for testing to avoid any unintended disruptions or security risks.
* Avoid testing with external dependencies and third-party systems not controlled by the protocol customer to avoid any leaks of the potential vulnerability
#### Service Disruptions
* Any denial of service attacks that are executed against project assets are strictly forbidden.
* Automated testing of services that generates significant amounts of traffic is not permitted.
#### Vulnerability Disclosure
* Do not publicly disclose vulnerabilities before they are resolved. Reports must be submitted through the Sherlock platform, and we will notify you when it is safe to disclose.
* Do not discuss (publicly or otherwise) any aspect of a submitted vulnerability without consent from the protocol customer
* Report via Sherlock: Use the official reporting channels to submit your findings.
* Never exploit a vulnerability or threaten to do so
* Do not attempt to rescue funds without the written consent of the protocol customer
* Publicly known bugs or bugs reported in a previous audit are never eligible for payout or reimbursement of deposit
#### Payouts
* Do not try to cajole a protocol customer into paying you. Always use the provided Sherlock resolution mechanisms.
### Protocol Customers
#### Ethical Standards
* Do not communicate with the whitehat outside of the official channel provided by Sherlock.
* Do not pay whitehats who submit bugs on Sherlock outside of Sherlock’s designated channel or without Sherlock’s consent.
* Do not claim a bug report is a known or duplicate issue without clear evidence of where it was publicly available before the whitehat’s submission timestamp.
* Always default to the assumption that the whitehat has good intentions.
* By listing your bug bounty program on Sherlock, you are agreeing to abide by the outcome of the Sherlock dispute resolution process.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.sherlock.xyz/bug-bounties/post-launch-bounty/platform-rules.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.