- If after reviewing the report you believe it to be invalid, you can select the relevant Quick Action to change the status to Closed.
- Note that you have to include a clear and reasonable explanation to the whitehat with any change in status.
Closing of invalid reports
Before closing any submission, you must cite one of the following with related, detailed rationale for rejecting the submission:
- Scope - with reference to the in-scope targets on the bug bounty page
- Severity - with reference to the corrected severity under the Immunefi severity system
- Technical validity - with reference to unrealistic preconditions, privileged access required, or malfeasance on the part of the victim, or the PoC/steps to reproduce don’t work
- Intended behavior - the behavior demonstrated is part of the correct functioning of the system
- UI/UX issues - the vulnerability is in non-security-critical frontend code or in the user’s own wallet software
- Spam - begging for an airdrop, submitting an empty report, etc
- Known issues - If the reported issue is already known to the team. Must include a reference to a previous bug report, GitHub PR, audit report, blog post, etc. If this known issue was not previously shared with Immunefi or included in your Bug Bounty Program, please be sure to request an update to Immunefi.