Security: Jac0xb/lighthouse

Security

SECURITY.md

Security Policy

Lighthouse is an open-source public good dedicated to the Solana ecosystem. While we (me, Jac0xb.sol) have limited resources for compensating security contributions, we highly value the efforts of the community in helping us maintain a secure Solana program.

Reporting a Vulnerability

If you discover any vulnerabilities or security issues, please report them responsibly by emailing us at security@rektdefi.net. We aim to respond promptly and work with you to understand and address the issue.

Bounty Program

To show our appreciation for responsible disclosure, we offer the following bounty rewards based on the severity of the vulnerability:

| Threat Level | Description | Bounty Reward |
|---|---|---|
| Low | Minor bugs that do not directly affect functionality or security but could lead to potential issues. | 100 USDC |
| Medium | Vulnerabilities that could potentially impact contract functionality or expose limited user data. | 250 USDC |
| High | Critical vulnerabilities that can lead to loss of funds, unauthorized access, or significant disruptions. | 500 USDC |

Guidelines

  • Eligibility: To be eligible for a bounty reward, you must be the first to report the issue, and it must be a legitimate vulnerability that is within scope.
  • Scope: Only vulnerabilities found in the Lighthouse Solana smart contract are eligible. All other services are out of scope.
  • Responsible Disclosure: Do not disclose the vulnerability publicly or to any third party before it has been addressed.

How to Report

When reporting a vulnerability, please include:

  • Description: A detailed description of the vulnerability and its potential impact.
  • Reproduction Steps: Step-by-step instructions to reproduce the issue.
  • Proof of Concept: Any code, scripts, or screenshots that can help illustrate the issue.
  • Suggested Fixes: Recommendations on how to fix the vulnerability, if available.

Disclaimer

  • The bounty amounts are guidelines and may vary depending on the actual impact of the vulnerability.
  • Rewards are granted at our discretion, and all decisions are final.
  • This program may be updated or terminated at any time without prior notice.

I deeply appreciate the efforts of security researchers and the community in keeping Lighthouse secure. Thank you for helping us protect our platform and its users.

There aren’t any published security advisories