From 79b9999f0890ae67078056b8951be8617d7f2870 Mon Sep 17 00:00:00 2001 From: drebaglioni <57418452+drebaglioni@users.noreply.github.com> Date: Tue, 16 Jan 2024 20:07:44 -0800 Subject: [PATCH] Update SECURITY.md (#34800) Added announcement of changes in bounty payouts AND added the high/low for each payout under the respective category --- SECURITY.md | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2938bf7bb..24093819f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -99,33 +99,55 @@ At its sole discretion, the Solana Foundation may offer a bounty for for more details. The submitter is not required to provide a mitigation to qualify. +#### IMPORTANT | PLEASE NOTE +_Beginning February 1st 2024, the Security bounty program payouts will be updated in the following ways:_ +- _Bug Bounty rewards will be denominated in SOL tokens, rather than USD value._ +_This change is to better reflect for changing value of the Solana network._ +- _Categories will now have a discretionary range to distinguish the varying severity_ +_and impact of bugs reported within each broader category._ + +_Note: Payments will continue to be paid out in 12-month locked SOL._ + + #### Loss of Funds: -$2,000,000 USD in locked SOL tokens (locked for 12 months) +Current: $2,000,000 USD in locked SOL tokens (locked for 12 months)
+_**As of 2/1/24:** Max: 25,000 SOL tokens. Min: 6,250 SOL tokens_ + * Theft of funds without users signature from any account * Theft of funds without users interaction in system, stake, vote programs * Theft of funds that requires users signature - creating a vote program that drains the delegated stakes. #### Consensus/Safety Violations: -$1,000,000 USD in locked SOL tokens (locked for 12 months) +Current: $1,000,000 USD in locked SOL tokens (locked for 12 months)
+_**As of 2/1/24:** Max: 12,500 SOL tokens. Min: 3,125 SOL tokens_ + * Consensus safety violation * Tricking a validator to accept an optimistic confirmation or rooted slot without a double vote, etc. #### Liveness / Loss of Availability: -$400,000 USD in locked SOL tokens (locked for 12 months) +Current: $400,000 USD in locked SOL tokens (locked for 12 months)
+_**As of 2/1/24:** Max: 5,000 SOL tokens. Min: 1,250 SOL tokens_ + * Whereby consensus halts and requires human intervention * Eclipse attacks, * Remote attacks that partition the network, #### DoS Attacks: -$100,000 USD in locked SOL tokens (locked for 12 months) +Current: $100,000 USD in locked SOL tokens (locked for 12 months)
+_**As of 2/1/24:** Max: 1,250 SOL tokens. Min: 315 SOL tokens_ + * Remote resource exhaustion via Non-RPC protocols #### Supply Chain Attacks: -$100,000 USD in locked SOL tokens (locked for 12 months) +Current: $100,000 USD in locked SOL tokens (locked for 12 months)
+_**As of 2/1/24:** Max: 1,250 SOL tokens. Min: 315 SOL tokens_ + * Non-social attacks against source code change management, automated testing, release build, release publication and release hosting infrastructure of the monorepo. #### RPC DoS/Crashes: -$5,000 USD in locked SOL tokens (locked for 12 months) +Current: $5,000 USD in locked SOL tokens (locked for 12 months)
+_**As of 2/1/24:** Max: 65 SOL tokens. Min: 20 SOL tokens_ + * RPC attacks ### Out of Scope:
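Review bot: the `Current:` prefix added to each category's USD payout line becomes inaccurate the day the new schedule takes effect, so either date it explicitly (for example `Until January 31st 2024:` next to `As of 2/1/24:`) or track a follow-up to drop the USD lines on February 1st. In the announcement block, `_This change is to better reflect for changing value of the Solana network._` should read `reflect the changing value`, and that line together with `_and impact of bugs reported within each broader category._` are continuations of the preceding bullets, so indent them under their bullets instead of leaving them flush-left, otherwise the italic runs render as separate fragments. Also worth confirming the minimums are intentional: Loss of Funds, Consensus/Safety and Liveness all use a 4:1 max/min ratio (25,000/6,250, 12,500/3,125, 5,000/1,250), while DoS and Supply Chain use 1,250/315 and RPC uses 65/20.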