From a98aefa14e6f041b60d3b19324abf88ebe4d0a04 Mon Sep 17 00:00:00 2001 From: Dan Albert <17752692+danpaul000@users.noreply.github.com> Date: Wed, 6 Oct 2021 13:57:52 -0600 Subject: [PATCH] Update security bounty levels (#20471) Co-authored-by: publish-docs.sh --- SECURITY.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 0d6d829fed..bd59590461 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,24 +18,24 @@ Expect a response as fast as possible, within one business day at the latest. We offer bounties for critical security issues. Please see below for more details. Loss of Funds: -$500,000 USD in locked SOL tokens (locked for 12 months) +$2,000,000 USD in locked SOL tokens (locked for 12 months) * Theft of funds without users signature from any account * Theft of funds without users interaction in system, token, stake, vote programs * Theft of funds that requires users signature - creating a vote program that drains the delegated stakes. Consensus/Safety Violations: -$250,000 USD in locked SOL tokens (locked for 12 months) +$1,000,000 USD in locked SOL tokens (locked for 12 months) * Consensus safety violation * Tricking a validator to accept an optimistic confirmation or rooted slot without a double vote, etc.. Other Attacks: - $100,000 USD in locked SOL tokens (locked for 12 months) + $400,000 USD in locked SOL tokens (locked for 12 months) * Protocol liveness attacks, * Eclipse attacks, * Remote attacks that partition the network, DoS Attacks: -$25,000 USD in locked SOL tokens (locked for 12 months) +$100,000 USD in locked SOL tokens (locked for 12 months) * Remote resource exaustion via Non-RPC protocols RPC DoS/Crashes:
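Review bot: In the "Other Attacks" tier, the new amount line keeps the leading space that the removed line had (` $400,000 USD in locked SOL tokens`), while the other three amount lines in this hunk start without one. Drop the space so all four tiers render the same way in SECURITY.md. Since the change already touches these sections, the unchanged context lines could be cleaned up too: "Remote resource exaustion" should read "exhaustion", "users signature" and "users interaction" should read "user's", and "etc.." has a doubled period. All four amounts go up by the same factor of four, and the diffstat shows only these four lines changed, but the commit message gives no rationale and does not say whether the "RPC DoS/Crashes" tier that begins right after the hunk was deliberately left as is. A sentence in the commit body would make that explicit for researchers reading the history.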