While our Dashboard UI aims to ensure projects and whitehats communicate together to discuss and resolve reported vulnerabilities, we acknowledge that disagreements can arise. In the event that you cannot resolve an issue together, you may request mediation help from the Immunefi team.
There are two ways to achieve this depending on who is subscribed to your bug report:
1) Immunefi is NOT a participant in your bug report:
If you do not see a member of the Immunefi team in the report, a button will appear at the bottom right of your submission page. Click on “Request Help”:
A modal will then appear with the following options. Select one and a member of our team will be notified and auto-subscribed to your bug report to further assist.
2) Immunefi IS a participant in your bug report
If you do see Immunefi listed as one of the participants in your bug report, you can simply reach out to us directly via the Comments section by selecting `You and Immunefi`. This will keep the conversation private between you and our team.
How long does it take for Immunefi to complete the Mediation process?
From the initial request for help to a completed Mediation Summary, pending no other additional questions from Immunefi and/or time for the project and/or whitehat to reply, you can expect a completed Mediation Summary based on the following historical average mediation times:
- Blockchain/DLT: 14 days
- Smart Contract: 10 days
- Web & Apps: 9 days
What if this takes longer than that?
If you do not receive a response within our estimated times, please write to Immunefi in the bug report thread. If there is still no response from Immunefi within 48 business hours of that message, please email firstname.lastname@example.org
How long to Resolve?
From the time a Mediation Summary is issued, a project has 5 business days to resolve the bug report. You can read more about Resolving Reports here.
Can I discuss the Mediation with the other partly directly?
Please do not engage with further discussion until requested by Immunefi. Discussions outside of the Immunefi platform between whitehats and projects are a violation of the Immunefi Bug Bounty Program Operation Agreement that projects have agreed to, as there is no verified audit log of the discussion. Any agreements reached off-platform between whitehats and projects will be considered invalid by Immunefi, unless and until confirmed in the bug report thread and agreed to by both parties.
What if Immunefi contacts me directly?
Please note that as part of the mediation process, Immunefi may reach out to both parties directly to move the process forward. For these requests, Immunefi needs a reply within 2 business days, so that we may proceed with our review process. If any agreement is reached off-platform between Immunefi and the whitehat and/or project, that agreement will be shared on the bug thread for full visibility, review, and agreement between parties.
Article is closed for comments.