Showing 2 changed files with 45 additions and 1 deletion.
@@ -0,0 +1,44 @@ | ||
# SECURITY.md | ||
|
||
## Security Policy | ||
|
||
Lighthouse is an open-source public good dedicated to the Solana ecosystem. While we (me, Jac0xb.sol) have limited resources for compensating security contributions, we highly value the efforts of the community in helping us maintain a secure Solana program. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you discover any vulnerabilities or security issues, please report them responsibly by emailing us at [[email protected]](mailto:[email protected]). We aim to respond promptly and work with you to understand and address the issue. | ||
|
||
## Bounty Program | ||
|
||
To show our appreciation for responsible disclosure, we offer the following bounty rewards based on the severity of the vulnerability: | ||
|
||
| Threat Level | Description | Bounty Reward | | ||
| ------------ | --------------------------------------------------------------------------------------------------------- | ------------- | | ||
| Low | Minor bugs that do not directly affect functionality or security but could lead to potential issues. | 100 USDC | | ||
| Medium | Vulnerabilities that could potentially impact contract functionality or expose limited user data. | 250 USDC | | ||
| High | Critical vulnerabilities that can lead to loss of funds, unauthorized access, or significant disruptions. | 500 USDC | | ||
|
||
### Guidelines | ||
|
||
- **Eligibility:** To be eligible for a bounty reward, you must be the first to report the issue, and it must be a legitimate vulnerability that is within scope. | ||
- **Scope:** Only vulnerabilities found in the Lighthouse Solana smart contract are eligible. All other services are out of scope. | ||
- **Responsible Disclosure:** Do not disclose the vulnerability publicly or to any third party before it has been addressed. | ||
|
||
## How to Report | ||
|
||
When reporting a vulnerability, please include: | ||
|
||
- **Description:** A detailed description of the vulnerability and its potential impact. | ||
- **Reproduction Steps:** Step-by-step instructions to reproduce the issue. | ||
- **Proof of Concept:** Any code, scripts, or screenshots that can help illustrate the issue. | ||
- **Suggested Fixes:** Recommendations on how to fix the vulnerability, if available. | ||
|
||
## Disclaimer | ||
|
||
- The bounty amounts are guidelines and may vary depending on the actual impact of the vulnerability. | ||
- Rewards are granted at our discretion, and all decisions are final. | ||
- This program may be updated or terminated at any time without prior notice. | ||
|
||
--- | ||
|
||
I deeply appreciate the efforts of security researchers and the community in keeping Lighthouse secure. Thank you for helping us protect our platform and its users. |
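Review bot: The scope bullet under "Guidelines" ("Only vulnerabilities found in the Lighthouse Solana smart contract are eligible") does not identify which program it means; naming the deployed program ID and the crate or directory in this repository would let reporters and triagers agree on what is in scope before a report is filed. In the same file, "We aim to respond promptly" and "before it has been addressed" leave the timeline open on both sides: stating an acknowledgement window, a maximum embargo period, and whether an encrypted channel (for example a published PGP key) is available for the report email would make the policy actionable rather than aspirational. Minor: the Low tier rewards "Minor bugs that do not directly affect functionality or security", which reads as a general bug bounty rather than a security one; consider tightening that wording to match the "Security Policy" heading.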