RootstockLabs has created the bug bounty program to reward researchers that submit valid vulnerabilities to improve the RootstockLabs platforms security.

<div class="btn-container">
  <span></span>
    <a class="green" href="https://immunefi.com/bug-bounty/rootstocklabs/information">Visit the Bug Bounty Program Page on Immunefi</a>
</div>

### Service Level Agreement (SLA)

RootstockLabs aims to meet the following SLAs for hackers participating in our program:

* Time to first response (from report submit) - 5 business days
* Time to triage (from report submit) - 7 business days
* Time to bounty (from triage) - 15 business days

We aim to keep you informed about the progress throughout the process.

### Disclosure Policy

* Follow Immuefi's [disclosure guidelines](https://immunefi.com/responsible-publication/).
* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC, Ledger) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.

### Scope and Rules

Visit the [Scope Section on Immuefi](https://immunefi.com/bug-bounty/rootstocklabs/scope/#top) to view the scope / out of scope vulnerability, and the program rules.