LogoLogo
Threshold WebsitetBTC v2 DocsTACo Docs
  • What is the Threshold Network?
  • THRESHOLD DASHBOARD
    • tBTC Minting Walkthrough
  • Applications
    • tBTC Bitcoin Bridge
      • Fees
      • Wallet Generation
      • Wallet Signing
      • The Path to Permissionlessness
      • Sweeping
      • Coverage Pool
    • Threshold USD
      • Overview of thUSD
      • Borrowing
      • Stability Pool and Liquidations
      • Redemptions and thUSD Price Stability
      • Recovery Mode
      • Bootstrapping
        • Initial Protocol Loan
      • B. Protocol
      • thUSD on Build on Bitcoin (BOB)
        • Connecting to BOB Network
        • Bridging Collateral to BOB Network
        • Opening Collateral Vaults and Minting thUSD
  • Governance
    • Threshold DAO
      • 🗳️Governance Process
      • 🙋‍♀️Guilds
      • đź’°Threshold Multisigs
      • Threshold DAO Rules
    • Vote Delegation
      • Liquid Token Delegation
  • Staking & Running a Node
    • tBTC v2 Node Setup
      • Operator Account
      • Application Authorization & Operator Registration
      • Network Configuration
      • Data Storage
      • Installation
        • Docker Installation
        • Binary Installation
      • Updating tBTC v2 Node
      • Advanced Options
        • Alternatives to Dashboard
        • Logging
        • Config File
        • CLI Options
        • Client Info
      • Frequently Asked Questions
      • Sepolia Testnet
        • Testnet tBTC v2 node Setup
    • tBTC Beta Stakers Program
  • App Development
    • DAO Contracts
      • DAO Contracts API
        • BaseTokenholderGovernor
        • Checkpoints
        • GovernorParameters
        • IApplication
        • ILegacyTokenStaking
        • IStaking
        • IVotesHistory
        • KeepStake
        • PercentUtils
        • ProxyAdminWithDeputy
        • SafeTUpgradeable
        • StakerGovernor
        • StakerGovernorVotes
        • T
        • TokenholderGovernor
        • TokenholderGovernorVotes
        • TokenStaking
        • VendingMachine
    • Random Beacon
      • Random Beacon API
        • AltBn128
        • BeaconAuthorization
        • BeaconDkg
        • BeaconDkgValidator
        • BeaconInactivity
        • BLS
        • BytesLib
        • Callback
        • Governable
        • Groups
        • IRandomBeacon
        • IRandomBeaconConsumer
        • ModUtils
        • RandomBeacon
        • RandomBeaconChaosnet
        • RandomBeaconGovernance
        • Reimbursable
        • ReimbursementPool
        • Relay
    • tBTC
      • tBTC SDK
        • Quickstart
        • Architecture
        • Guides
          • Initialize SDK
            • Ethereum and Bitcoin mainnet
            • Ethereum and Bitcoin testnet
            • Crosschain
            • Custom mode
          • Deposit and mint
          • Unmint and redeem
        • API Reference
      • tBTC Contracts API
        • Bridge API
          • Bank
          • BitcoinTx
          • Bridge
          • BridgeGovernance
          • BridgeGovernanceParameters
          • BridgeState
          • Deposit
          • DepositSweep
          • DonationVault
          • EcdsaLib
          • Fraud
          • GovernanceUtils
          • Heartbeat
          • IReceiveBalanceApproval
          • IRelay
          • IVault
          • L2TBTC
          • L2WormholeGateway
          • LightRelay
          • LightRelayMaintainerProxy
          • MaintainerProxy
          • MovingFunds
          • Redemption
          • TBTC
          • TBTCOptimisticMinting
          • TBTCVault
          • VendingMachine
          • VendingMachineV2
          • VendingMachineV3
          • WalletCoordinator
          • Wallets
        • ECDSA API
          • EcdsaAuthorization
          • EcdsaDkg
          • EcdsaDkgValidator
          • EcdsaInactivity
          • IWalletOwner
          • IWalletRegistry
          • WalletRegistry
          • WalletRegistryGovernance
          • Wallets
  • Resources
    • T Token
    • Contract Addresses
      • Mainnet
        • Threshold DAO
        • tBTC
        • thUSD
        • Legacy
      • Görli Testnet
      • Sepolia Testnet
    • tBTC Pools
    • Upgrade NU & KEEP to T
    • Contribution
    • Security
    • Brand Assets
    • Links
Powered by GitBook
On this page
  • Bug Bounty Program
  • Reporting a Vulnerability Not Covered by the Bug Bounty Program

Was this helpful?

Export as PDF
  1. Resources

Security

Security Policies for Threshold Network

PreviousContributionNextLinks

Last updated 1 year ago

Was this helpful?

Find bugs and vulnerabilities on Threshold Network and get paid up to $500,000

Bug Bounty Program

Threshold Network has a .

The details for the Bug Bounty are maintained and updated at the . There you can explore the assets in scope of the Bounty and the different rewards by threat level. As a guide, the initial bounty program launched with the following rewards according to the severity of the threats found:

Smart Contracts

  • Critical Level: USD $100,000 to USD $500,000

  • High Level: USD $10,000 to USD $50,000

  • Medium Level: USD $1,000 to USD $5,000

  • Low Level: USD $1,000

Websites and Applications

  • Critical Level: USD $10,000 to USD $25,000

  • High Level: USD $1,000 to USD $10,000

  • Medium Level: USD $1,000

A great place to begin your research is by working on our testnet. Please see our to get started. We ask that you please respect network machines and their owners. If you find a vulnerability that you suspect has given you access to a machine against the owner's permission, stop what you're doing and create a report using the immunefi dashboard for researchers.

Rewards are distributed according to the impact of the vulnerability based on the . This is a simplified 4-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.

Reporting a Vulnerability Not Covered by the Bug Bounty Program

Threshold DAO will try to make an initial assessment of a bug's relevance, severity, and exploitability, and communicate this back to the reporter. The Threshold DAO will compensate findings on a case-by-case basis. We value security researchers and we encourage you to contact us to discuss your findings.

We also ask all researchers to please submit their reports in English.

Please, verify the list of assets in-scope and out-of-scope available as part of the . Additionally, security researchers are encouraged to submit issues outside of the outlined Impacts and Assets in Scope. If you can demonstrate a critical impact on code in production for an asset not in scope, Threshold DAO encourages you to submit your bug report using the “primacy of impact exception” asset in Immunefi.

Bug Bounty program is live on Immunefi
↗
Bug Bounty program with Immunefi
Immunefi Threshold page
documentation
Immunefi Vulnerability Severity Classification System V2.3
Threshold Bug Bounty details