Live since: 12 November 2020
KYC required: Yes
Maximum bounty: $1,250
Immunefi is a bug bounty platform hosted by a consortium of companies active in the cybersecurity space. It aims to make cybersecurity more accessible to the cryptocurrency industry as well as the wider cyberspace.
Immunefi is interested in securing their website, https://immunefi.com/. Primary areas of concern are around the modification of information on the website, leakage and loss of client data, and leakage of communicated information from clients to the company.
https://bugs.immunefi.com is currently out-of-scope while Immunefi launches it.
Total Bounty Pool: USD 2 500
Rewards are distributed according to the exploitability level of the vulnerability and its impact, based on the Immunefi Vulnerability Severity Classification System. The payout for a bug report is calculated in two steps. First, the percentage reward for the consequence the vulnerability causes is multiplied by the total bounty pool. Then that amount is multiplied by the percentage for the exploitability level to determine the final payout for the bug report.
Consequence | Percentage of total bounty pool |
---|---|
Deletion of site data, XSS/CSRF, ACE, loss of contract funds | 50% |
Incorrect modification of user data | 20% |
Leaking user data | 20% |
DoS amplification | 10% |
Denial of service | 10% |
No known exploit - best practices | 10% |
Exploitability | Percentage of consequence amount |
---|---|
No access | 100% |
Ordinary access | 100% |
Moderator-approved access | 20% |
Privileged access (non-root) | 10% |
Physical access | 1% |
Payouts are handled by Immunefi directly and are denominated in USD.
We are especially interested in receiving and rewarding vulnerabilities of the following types:
The following vulnerabilities are excluded from the rewards for this bug bounty program:
The following activities are prohibited by this bug bounty program: