Immunefi has a set of rules that govern users' participation in its bug bounty platform and interaction with Immunefi-run spaces and team. These rules exist in addition to the rules for each bug bounty program, which are listed on each bug bounty program page. Violation of these rules can result in a temporary suspension or permanent ban from the Immunefi platform at the sole discretion of the team, which may also result in the forfeiture of any active bug submissions under consideration and zero payout. These rules can be changed at any time.
- Harassment, i.e., excessive, hostile, or bad-faith communication
- Attacks based on personal characteristics
- Threats of violence
- Threatening to publish or publishing people’s personal information without their consent
- Extortion/blackmail or threats of extortion/blackmail
- Posting illegal content
- Reporting a bug that has already been publicly disclosed
- Creating multiple accounts on the Immunefi platform to evade rules, suspensions, or bans
- Underreporting vulnerabilities
- Misrepresenting vulnerabilities
- Publicly disclosing a bug before being given explicit consent by the bug bounty program
- Placeholder bug submissions, i.e., bugs that have a vague title, very few details, and no reproducible steps
- Attempting to route around Immunefi and communicating with a project directly
- Submitting bugs via email or any channel other than the Immunefi bugs platform
- Promoting any behavior listed above
- Be ethical
- Be respectful and considerate
- Be professional
- Be patient
- Be privacy conscious
Users can report rule violations to the Immunefi team at email@example.com within 31 days of the inciting event and request a formal resolution.
The team will make reasonable efforts to adjudicate incidents shortly after they are brought to their attention.
Scope and Enforcement
The team will take all reasonable actions to ensure the successful execution of Immunefi's mission and the maximum effectiveness of the project.
All material in official project spaces is subject to the rules, and as such, can be deleted, modified, or rejected by the team if it is found to be in violation of the rules. In repeated or severe cases, the team may exclude users from the Immunefi bug bounty platform and/or its project spaces on a temporary or permanent basis.