Fix #59: Bug Bounty

SECURITY.md

@@ -4,8 +4,50 @@
 
 Please see [Releases](https://github.com/ParaState/SafeStakeOperator/releases). We recommend using the most recently released version.
 
+## Bug Bounty Program
+
+SafeStake operates a bug bounty program to encourage responsible disclosure of security vulnerabilities. We welcome security researchers and the community to help us maintain the security of our protocol.
+
+### Scope
+
+Our bug bounty program covers:
+- SafeStake Operator node software
+- Smart contracts deployed on mainnet
+- Critical infrastructure components
+- Distributed Validator Technology (DVT) implementation
+
+### Rewards
+
+Reward amounts depend on the severity and impact of the discovered vulnerability:
+- **Critical**: Up to $50,000
+- **High**: Up to $25,000  
+- **Medium**: Up to $10,000
+- **Low**: Up to $2,500
+
+### Guidelines
+
+- Please provide detailed reproduction steps
+- Allow reasonable time for remediation before public disclosure
+- Do not access or modify user data
+- Do not perform attacks that could harm the network or users
+
 ## Reporting a Vulnerability
 
 Please send vulnerability reports to team@safestake.xyz 
 
 Please do not file a public ticket mentioning the vulnerability, as doing so could increase the likelihood of the vulnerability being used before a fix has been created, released and installed on the network.
+
+### What to Include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact assessment
+- Suggested remediation (if applicable)
+- Your contact information for follow-up
+
+## Response Process
+
+1. **Acknowledgment**: We will acknowledge receipt of your report within 48 hours
+2. **Investigation**: Our security team will investigate and validate the report
+3. **Resolution**: We will work on a fix and coordinate disclosure timeline
+4. **Reward**: Eligible reports will receive rewards based on severity and impact