Closing Reports – Immunefi

General Notes

If after reviewing the report you believe it to be invalid, you can select the relevant Quick Action to change the status to Closed.
Note that you have to include a clear and reasonable explanation to the whitehat with any change in status.

Before closing any submission, you must cite one of the following with related, detailed rationale for rejecting the submission:

Scope - with reference to the in-scope targets on the bug bounty page
Severity - with reference to the corrected severity under the Immunefi severity system
Technical validity - with reference to unrealistic preconditions, privileged access required, or malfeasance on the part of the victim, or the PoC/steps to reproduce don’t work
Intended behavior - the behavior demonstrated is part of the correct functioning of the system
UI/UX issues - the vulnerability is in non-security-critical frontend code or in the user’s own wallet software
Spam - begging for an airdrop, submitting an empty report, etc
Known issues - If the reported issue is already known to the team. Must include a reference to a previous bug report, GitHub PR, audit report, blog post, etc. If this known issue was not previously shared with Immunefi or included in your Bug Bounty Program, please be sure to request an update to Immunefi.