We are rewarding researchers that find bugs with a bounty of our digital currency, lumens (XLM). The amount of the award depends on the degree of severity of the vulnerability reported.

The Stellar.org Bug Bounty Panel will evaluate award sizes according to severity calculated according to the OWASP risk rating model based on Impact and Likelihood. However, final awards are determined at the sole discretion of the panel:

Critical: up to 25,000 points

High: up to 15,000 points

Medium: up to 10,000 points

Low: up to 2,000 points

Note: up to 500 points

1 point currently corresponds to 1 USD (payable in lumens (XLM), something which may change without prior notice.

Researchers are more likely to earn a larger reward by demonstrating how a vulnerability can be exploited to maximum effect.

‍