
Commit

Clarify bug bounty payment policy (solana-labs#16488)
* Clarify bug bounty payment policy

* Fixup language

* Apply suggestions from code review

Co-authored-by: Tyera Eulberg <[email protected]>

* Update SECURITY.md

Co-authored-by: publish-docs.sh <[email protected]>
Co-authored-by: Tyera Eulberg <[email protected]>
3 people authored Apr 12, 2021
1 parent fffff2c commit 8c498db
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions SECURITY.md
Expand Up @@ -51,13 +51,27 @@ The following components are out of scope for the bounty program
* Attacks that require social engineering

Eligibility:
* The participant submitting the bug bounty shall follow the process outlined within this document
* The participant submitting the bug report shall follow the process outlined within this document
* Valid exploits can be eligible even if they are not successfully executed on the cluster
* Multiple submissions for the same class of exploit are still eligible for compensation, though may be compensated at a lower rate, however these will be assessed on a case-by-case basis
* Participants must complete KYC and sign the participation agreement here when the registrations are open https://solana.com/validator-registration. Security exploits will still be assessed and open for submission at all times. This needs only be done prior to distribution of tokens.

Notes:
* All locked tokens can be staked during the lockup period
Payment of Bug Bounties:
* Payments for eligible bug reports are distributed monthly.
* Bounties for all bug reports submitted in a given month are paid out in the middle of the
following month.
* The SOL/USD conversion rate used for payments is the market price at the end of
the last day of the month for the month in which the bug was submitted.
* The reference for this price is the Closing Price given by Coingecko.com on
that date given here:
https://www.coingecko.com/en/coins/solana/historical_data/usd#panel
* For example, for all bugs submitted in March 2021, the SOL/USD price for bug
payouts is the Close price on 2021-03-31 of $19.49. This applies to all bugs
submitted in March 2021, to be paid in mid-April 2021.
* Bug bounties are paid out in
[stake accounts](https://solana.com/staking) with a
[lockup](https://docs.solana.com/staking/stake-accounts#lockups)
expiring 12 months from the last day of the month in which the bug was submitted.

<a name="process"></a>
## Incident Response Process
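
Review bot: The month boundary that fixes both the conversion rate and the lockup expiry has no time zone in the new "Payment of Bug Bounties" bullets: "the market price at the end of the last day of the month" and "the month in which the bug was submitted" can resolve to different months for a report sent near midnight, so state the zone (for example UTC) for the submission timestamp and for the referenced Close price. The bullets also assume eligibility is decided before the middle of the following month; say whether a report that is triaged later is still priced and locked by its submission month. The "Notes:" bullet "All locked tokens can be staked during the lockup period" appears to be dropped and the visible new text does not restate it, so consider carrying that sentence onto the stake-account bullet. Wording nit: "the Closing Price given by Coingecko.com on that date given here" repeats "given".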
