From the project's viewpoint, a bug report has multiple stages it can go through in its life cycle:
After Immunefi completes automated filtering of a bug report, it will be Escalated to you for further review.
From this state, you will have a number of 'Quick Actions' you can take to advance the report - either towards confirming and paying out the whitehat their bounty or towards closing an invalid report.
After selecting one of the options above, a template response will be auto-generated for you to edit and send to the whitehat.
Advancing to 'Confirmed' status
If a report is valid and in-scope, select 'This bug is valid! We are going to start working on a fix.' This will auto-populate the template as seen below. Note that the severity level may need to be updated. The status will be updated to Confirmed.
Please also note that it is a best practice to advise the whitehat a timeframe during which you will send their bounty payout, if you are not immediately ready to pay out their bounty.
From the Confirmed status, your Quick Actions panel will update with the following options:
You have the option here to further discuss severity level with the whitehat before agreeing to the payout amount.
Advancing to 'Paid' status
Once you have sent the bounty payout to the hacker, select the 'Bounty has been paid out!' Quick Action. By doing so, the status will be updated to Paid.
Advancing to 'Closed' status
If after reviewing the report you believe it to be invalid, you can select the relevant Quick Action to change the status to Closed. Note that you have to include an explanation with any change in status.
**Note that you may not go backward in status without an Immunefi Mediator for help, so be careful when you make a change. If you have any questions, you can 'Ask Immunefi for Help'. This will alert the Immunefi team to assist with mediating the report.