docs: mention audits in the bug bounty

sablier-labs · Jul 9, 2023 · 1bdfeb0 · 1bdfeb0
1 parent 4c603d1
commit 1bdfeb0
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -81,8 +81,11 @@ publicly for their contribution if they so choose.
 
 To qualify for a reward under this Program, you must adhere to the following criteria:
 
-- Identify an undisclosed, non-public vulnerability in Sablier V2 that could result in the loss of or lock on any ERC-20
-  asset, and which is within the scope of this Program.
+- Identify a previously unreported, non-public vulnerability that could result in the loss of or lock on any ERC-20
+  asset in Sablier V2 (but not on any third-party platform interacting with Sablier V2) and that is within the scope of
+  this Program.
+- The vulnerability must be distinct from the issues covered in the
+  [Audits](https://github.com/sablier-labs/v2-periphery/wiki/Audits).
 - Be the first to report the unique vulnerability to [security@sablier.com](mailto:security@sablier.com) in accordance
   with the disclosure requirements specified above. If multiple similar vulnerabilities are reported within a 24-hour
   timeframe, rewards will be split at the discretion of Sablier Labs.