Congratulations! Your bug report has been confirmed as valid and you’ve just been paid your bug bounty reward. What should you do next?
View Your Whitehat Ranking
When you successfully submit a bug on Immunefi, your whitehat score increases based on the severity of the report, your total number of paid reports, and your total bug bounty reward earnings. Just keep in mind that your score will not be updated until two weeks after your report has been paid.
Your whitehat score determines your ranking on the Immunefi Leaderboard relative to other successful hackers on Immunefi.
We frequently provide whitehats who rank within the top 50 spots with extra rewards, all-expenses-paid trips, exclusive swag, and speaking opportunities, so make sure to keep an eye on where you stand in the ranks and keep hunting!
To view your whitehat score, go to your 'Settings' in the Dashboard. Under the 'Analytics' subheading, you will see your score and ranking, as well as the total number of valid reports that you've submitted and your total earnings on Immunefi.
You can read more about whitehat scores and rankings here.
Share Your Success on Social Media
Getting a bug bounty reward comes with bragging rights. If you have a Twitter account, you can use the share on social media feature in the Dashboard to tweet out your big win!
You should also consider adding ‘whitehat @Immunefi’ as well as your Immunefi Leaderboard rank in your Twitter bio.
Finally, join our Discord to learn more about bug hunting and make friends with other whitehats in the community.
Write a Bugfix Review (BFR)
Writing a bugfix review is a great way to educate others and cement your position as a successful whitehat, which can bring you many opportunities. These bugfix reviews are widely shared among the web3 community, and they show both how talented you are and that you like to give back to the community.
Typically, a BFR includes fields like:
- Project name
- Whitehat name
- Whitehat social media (e.g., Twitter)
- Vulnerability type (e.g., reentrancy)
- Date submitted
- Severity of the bug
- Funds that could have been lost (if known or applicable)
- Payout amount
- Link to vulnerable line of code (if applicable)
- Link to fix line of code
- An explanation of the fix
- Step-by-step exploitation of the bug in the Vulnerability Analysis section
Keep in mind that the bug must be fixed and paid before you can publish your bugfix review (unless it meets an exception set out in the Global Standards or the relevant publication category). To make sure the bug has been fixed, you should reach out to the project in the Dashboard before writing it. You should also double-check the project’s bug bounty program to see what publication category they have chosen and review it against our Responsible Publication policy.
To view some samples of what bugfix reviews look like, check out several examples that we’ve written on our Medium: Beanstalk, Balancer, Sense Finance, and many more.
For a bugfix review written by a whitehat, we recommend this excellent example by PWNING.
When you’ve finished your bugfix review, don’t forget to share it on Twitter and tag Immunefi!