You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: SECURITY.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,20 +7,21 @@ Threshold Network has a [Bug Bounty program with Immunefi](https://immunefi.com/
7
7
The details for the Bug Bounty are maintained and updated at the [Immunefi dedicated space to Threshold](https://immunefi.com/bounty/thresholdnetwork/). There you can explore the assets in scope of the Bounty and the different rewards by threat level. As a guide, the initial bounty program launched with the following rewards according to the severity of the threats found:
8
8
9
9
Smart Contracts
10
+
10
11
- Critical Level: USD $100,000 to USD $500,000
11
12
- High Level: USD $10,000 to USD $50,000
12
13
- Medium Level: USD $1,000 to USD $5,000
13
14
- Low Level: USD $1,000
14
15
15
16
Websites and Applications
17
+
16
18
- Critical Level: USD $10,000 to USD $25,000
17
19
- High Level: USD $1,000 to USD $10,000
18
20
- Medium Level: USD $1,000
19
21
20
22
A great place to begin your research is by working on our testnet. Please see our [documentation](https://docs.threshold.network) to get started. We ask that you please respect network machines and their owners. If you find a vulnerability that you suspect has given you access to a machine against the owner's permission, stop what you're doing and create a report using the immunefi dashboard for researchers.
21
23
22
-
Rewards are distributed according to the impact of the vulnerability based on the [Immunefi Vulnerability Severity Classification System V2.3](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-3/). This is a simplified 4-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
23
-
24
+
Rewards are distributed according to the impact of the vulnerability based on the [Immunefi Vulnerability Severity Classification System V2.3](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-3/). This is a simplified 4-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
24
25
25
26
## Reporting a Vulnerability Not Covered by the Bug Bounty Program
26
27
@@ -29,4 +30,3 @@ Please, verify the list of assets in-scope and out-of-scope available as part of
29
30
Threshold DAO will try to make an initial assessment of a bug's relevance, severity, and exploitability, and communicate this back to the reporter. The Threshold DAO will compensate important findings on a case-by-case basis. We value security researchers and we encourage you to contact us to discuss your findings.
30
31
31
32
We also ask all researchers to please submit their reports in English.
0 commit comments