While our Dashboard UI aims to ensure projects and whitehats communicate together to discuss and resolve reported vulnerabilities, we acknowledge that disagreements can arise. In the event that you cannot resolve an issue together, you may request mediation help from the Immunefi team.
There are two ways to achieve this depending on who is subscribed to your bug report:
1) Immunefi is NOT a participant in your bug report:
If you do not see a member of the Immunefi team in the report, a button will appear at the bottom right of your submission page. Click on “Request Help”:
A modal will then appear with the following options. Select one and a member of our team will be notified and auto-subscribed to your bug report to further assist.
2) Immunefi IS a participant in your bug report
If you do see Immunefi listed as one of the participants in your bug report, you can simply reach out to us directly via the Comments section by selecting `You and Immunefi`. This will keep the conversation private between you and our team.
Request Help Cooldown Period
To prevent unnecessary mediations, we have implemented a cooldown period on help requests from new whitehats on our platform. This means that after requesting help, new whitehats will have to wait a set amount of time before they can request help again on another report.
If the request for help results in a mediation that we determine to be successful (i.e. after mediation, a closed report is changed to ‘confirmed’, or Immunefi determines that the project engaged in rule-breaking behavior), then the cooldown timer will be reset and the whitehat will once again be allowed to request help on other reports. However, if we determine the request for help to be unsuccessful, then the whitehat will need to wait for the cooldown timer to reach zero before they can request help again.
Cooldown Period Increases with Consecutive Unsuccessful Requests
The cooldown period for new whitehats starts at 24 hours. Yet, with each consecutive unsuccessful request, this cooldown period increases.
- Second consecutive unjustified request = 7 day cooldown period
- Third consecutive unjustified request = 15 day cooldown period
- Fourth consecutive unjustified request = 30 day cooldown period
- Fifth consecutive unjustified request = 60 day cooldown period
New whitehats should be sure that their help requests are valid so as to avoid increased cooldown periods.
FAQs
How long does it take for Immunefi to complete the Mediation process?
From the initial request for help to a completed Mediation Summary, pending no other additional questions from Immunefi and/or time for the project and/or whitehat to reply, you can expect a completed Mediation Summary based on the following historical average mediation times:
- Blockchain/DLT: 14 days
- Smart Contract: 10 days
- Web & Apps: 9 days
What if it takes longer than that?
If you do not receive a response within our estimated times, please write to Immunefi in the bug report thread. If there is still no response from Immunefi within 48 business hours of that message, please email support@immunefi.com
How long does it take to resolve the bug report?
From the time a Mediation Summary is issued, a project has 5 business days to resolve the bug report. You can read more about Resolving Reports here.
Can I discuss the Mediation with the other party directly?
Please do not engage with further discussion until requested by Immunefi. Discussions outside of the Immunefi platform between whitehats and projects are a violation of the Immunefi Bug Bounty Program Operation Agreement that projects have agreed to, as there is no verified audit log of the discussion. Any agreements reached off-platform between whitehats and projects will be considered invalid by Immunefi, unless and until confirmed in the bug report thread and agreed to by both parties.
What if Immunefi contacts me directly?
Please note that as part of the mediation process, Immunefi may reach out to both parties directly to move the process forward. For these requests, Immunefi needs a reply within 2 business days, so that we may proceed with our review process. If any agreement is reached off-platform between Immunefi and the whitehat and/or project, that agreement will be shared on the bug thread for full visibility, review, and agreement between parties.
Comments
0 comments
Article is closed for comments.