Add SECURITY.md

SECURITY.md

@@ -0,0 +1,22 @@
+# Security
+
+## Bug bounty program
+
+In line with our strategy of being the safest way for users to access crypto:
+
++ Coinbase extended our [best-in-industry](https://www.coinbase.com/blog/celebrating-10-years-of-our-bug-bounty-program) million-dollar [HackerOne bug bounty program](https://hackerone.com/coinbase?type=team) to cover the Base network and Base infrastructure.
+
++ Coinbase has launched a 5 million-dollar [Cantina bug bounty program](https://cantina.xyz/code/55316f42-3c5e-4746-9bd0-0f18dcbc344b) to cover all deployed smart contracts for Base, and those used as part of Coinbase products and services.
+
+## Reporting vulnerabilities
+
+All potential vulnerability reports can be submitted via the following platforms:
+
+1. [**HackerOne**](https://hackerone.com/coinbase): For offchain components and services.
+   For more information on reporting vulnerabilities and our HackerOne bug bounty program, view our [security program policies](https://hackerone.com/coinbase?view_policy=true).
+
+2. [**Cantina**](https://cantina.xyz/bounties/55316f42-3c5e-4746-9bd0-0f18dcbc344b): For deployed smart contracts.
+   For more information on what smart contracts are considered within the scope of the Cantina bug bounty program, view our [Tier 0](https://cantina.xyz/code/55316f42-3c5e-4746-9bd0-0f18dcbc344b/overview?overviewTab=1&assetGroup=0) and [Tier 1](https://cantina.xyz/code/55316f42-3c5e-4746-9bd0-0f18dcbc344b/overview?overviewTab=1&assetGroup=1) scope guides.
+
+
+For all other security related inquiries, please reach out to [security@coinbase.com](mailto:security@coinbase.com).