Program Name
When you go to submit a bug, you will be asked to select the program from a dropdown menu and to type out the name of the program that you have selected.
This redundancy has been added to ensure that whitehats do not accidentally send reports to the wrong projects. By completing this one simple step, you help to protect sensitive information and to guarantee that your valid submissions go to projects that will reward you for them.
Choose an Asset
Once you have selected a program, you will be asked to provide a reference to the code base where the vulnerability was found. A dropdown list of potential assets will be provided, but if you cannot find the necessary code base on the list, you can add a custom target by selecting “Other” and typing it in.
You will not be able to proceed unless you enter a valid URL.
If you wish to submit an out-of-scope asset, you can select “Other” and enter the asset manually. However, please be aware that doing so will likely lead to a rejection of your bug report if the exploit does not lead to a direct loss of funds. If you are reporting to a program with Primacy of Impact implemented, please select the “Primacy of Impact” placeholder asset instead.
Impacts List
After selecting the asset, you will be provided with a list of possible impacts. You should select all of the impacts that apply to the vulnerability that you have identified. If you believe that there are additional impacts that are not listed, you can click the “Add custom impact” button to add more impacts. Multiple impacts may be selected.
Please note that adding an impact that is not in scope will likely lead to the rejection of your report. If you are unsure which impact to select, please click the blue “View Immunefi Impact Definition” text for more information.
Severity Level
After selecting an impact, you will be asked to provide the severity level. The severity level should match the impact you selected based on the ‘Impacts In Scope’ section of the project’s bug bounty program. If there are multiple impacts, select the severity level of the highest one.
Main Report
Here you will be asked to provide a detailed description of the exploit. For more guidelines on filling out this section of the report, please refer to our Bug Report Template help center article.
Wallet Address
In the Wallet Address section, you will be asked to provide the address where you will receive payment.
If the project chooses to pay in a currency on an Ethereum Virtual Machine (EVM) blockchain, you will need to provide an EVM wallet address. You can do this by selecting the “Connect Wallet” button, or by typing out the wallet address manually.
If the project chooses to pay in a non-EVM currency, you will need to provide a non-EVM wallet address. Note that there is no “Connect Wallet” feature for non-EVM wallets, so you will need to type out the address yourself.
Be sure to double-check any wallet addresses that are entered manually. A mistake will result in the loss of your bug bounty payout, and there will be nothing we can do to help you recover the funds.