Create bugbounty.md

bugbounty.md

@@ -0,0 +1,45 @@
+## Bug Bounty Overview
+
+ZetaChain is committed to security across all aspects of its ecosystem. To that end, ZetaChain has established a bug bounty program to reward researchers, developers, and users who help identify and report security vulnerabilities.
+
+You can access and report issues at [https://immunefi.com/bounty/zetachain/](https://immunefi.com/bounty/zetachain/).
+
+## Scope
+
+The scope of this bug bounty program is focused on ZetaChain's smart contracts, public-facing APIs, blockchain protocol/infrastructure, and web applications.
+
+## Program Guidelines
+
+1. All reports must be submitted through Immunefi, accessible [here](https://immunefi.com/bounty/zetachain/).
+2. Report any suspected vulnerability promptly.
+3. Do not attempt to exploit a vulnerability without prior authorization.
+4. Do not publicly disclose a vulnerability before it is reported and patched.
+5. Do not access data or systems beyond the scope of the vulnerability.
+6. Do not use social engineering techniques.
+7. Do not attempt to access accounts or personal data of users.
+
+## Rewards
+
+The rewards for successful vulnerability reports range from $5,000 to $100,000, depending on the severity of the issue. All payouts are to be done by the ZetaChain team through Immunefi. 
+
+### **Smart Contracts**
+
+| Critical | USD $30,000 to $100,000 |
+| --- | --- |
+| High | USD $10,000 to $30,000 |
+| Medium | USD $10,000 |
+
+### **Websites and Applications**
+
+| Critical | USD $15,000 to $30,000 |
+| --- | --- |
+| High | USD $5,000 to $15,000 |
+| Medium | USD $5,000 |
+
+## Responsible Disclosure
+
+We value responsible disclosure, and we encourage all participants to act responsibly when reporting vulnerabilities.
+
+## Contact
+
+For any questions or concerns, please contact us at bugbounty@zetachain.com.