pyman

127 posts

pyman
@pyman_dev

Blockchain Full-Stack Developer | Smart Contracts • Solidity • Ethers.js / Web3.js • React.js • Python

Joined May 2025
41 Following, 12 Followers
kenzo | shredsec.xyz @kenzowhitehat
Apart from @sherlockdefi, judges on other platforms just follow what the protocol says. This is very risky because the protocol team are developers rather than experienced auditors. They may not understand some complex bugs that auditors find in contests.
pyman @pyman_dev
I genuinely believe @immunefi is the best platform for bug hunting. @MitchellAmador truly cares about whitehats & ‘em getting fair pay. They’re not perfect, but they are sincere, & they do change the lives of thousands. There just aren’t any shortcuts, you’ve gotta work your butt off!
pyman retweeted
Jay Yang @Jayyanginspires
The person with the most urgency usually wins.
pyman @pyman_dev
I’m taking @infosec_us_team’s advice very seriously. I will be ignoring any Insights, Lows, and heck even Mediums for now, on @immunefi.
pyman retweeted
Lethal Shooter @LethalShooter__
Brick by brick, rebuild yourself in front of the mfs who doubted you! ✅
Karthik @karthikponna19
> bro built VLC
> turned down stupid money just to keep it ad-free
> and still gave it to us for free
absolute legend 🐐
pyman @pyman_dev
@only01Essential @immunefi @MitchellAmador So true, I was amazed when I had the same kinda issue of havin’ to explain their code to them. I currently have a report in med where they closed it based on a ridiculous reason which anyone who has done some very basic first-pass reading of the bounty program’s page would find absurd.
Essential @only01Essential
So true, I mean you'll submit a valid bug with a working PoC and still not be 100% certain that the project will pay. My last paid bounty, I had to explain their own code to them. Cause they were trying really hard to find fault in my write-up instead of acknowledging the underlying issue.
Essential @only01Essential
This is why I think @immunefi mediation is mostly pointless. If the project doesn't pay well, or doesn't want to pay at all, you are on your own. For this project I found a bug in their in-scope assets, where a user loses funds for a certain product type. It was clearly critical, so I submitted it as one. A few days later they acknowledged the bug, then told me they don't currently use such products, that it was implemented for future usage, then lowered the severity to Medium.

Given their reward tiers (25k+ for Highs) and the severity of the bug, I was hopeful that they would pay well. Ladies and gentlemen, I was in awe when they marked my report as paid, and what they sent me was $300. The most annoying part here is how they completely ignored me: they ignored all prior questions I asked, even when Immunefi tagged them to respond, they still ignored, and until they paid $300 they never responded even once to my comments. Given that their program shows they are willing to pay over a million for critical findings, then paying $300 for one, it was a very painful experience. Now, three months after requesting mediation, Immunefi left without a word.

In cases like this, it makes you wonder if you should have just withheld the bug, cause most of these projects are monsters; all your time and effort mean nothing to them. I have learnt not to trust these projects and the platforms, so always explore other options and see what works. Throughout December I focused mostly on @xyz_remedy bug bounty; they work fast, but their SLA is hardly adhered to. Currently, I think when it comes to feedback and support @HackenProof is the best right now.

I don't know about you guys, but having your report closed for a very stupid reason, then having to request mediation in order to comment, is a pain. And mediation takes a very long time, or is sometimes forgotten, like in my case. Though there are projects that wait for your input before closing on Immunefi.
infosec_us_team @infosec_us_team
It happens with some projects, but certainly not all. On the other hand, as long as Immunefi & HackenProof continue to host life-changing bounties, it’s in your best interest to (1) quickly move on to another project after a bad experience and (2) stick to reporting directly exploitable critical vulnerabilities. Anything with a requirement, a condition, or with a small amount of funds at risk will most likely be downgraded. Forget about whether it’s fair or not; regardless of terms and conditions, that’s how the game works sometimes, and if you internalize it, take these events as a business loss, and continue hunting, you can still reach the top and earn life-changing bounties. This reply comes with the best intentions. We want you to do well in the long term.
pyman retweeted
Ehsan @Ehsan1579
People who are at the top would never share their secrets on how they got there, stop asking for guidance from people and find your own path and learn from your own mistakes. There’s no other way.
Shubham @aShubhamz
GitHub is owned by Microsoft?????
pyman @pyman_dev
@0xjonah1 Yea, I totally agree. By the way, I just DM’d you about a wrongfully closed bug report of mine.
0xjonah | Immunefi @0xjonah1
What goes on in this industry is astonishing sometimes. A very large number of people have zero problems with telling lies that I can spot as lies in about two seconds.

For example, someone on Immunefi will get banned for submitting spam/garbage reports, etc. They will then message on Discord or email, providing their username and saying that they shouldn't have been banned because blah blah fake reasons and also they have reports that have been accepted as valid. I then immediately look them up in the db and...they don't have any valid reports.

Let me change the first sentence of this post a little. I won't even count these people as part of the industry. As I've said before, this space seems to have attracted a lot of people with zero ethics plus zero results.
pyman @pyman_dev
@immunefi I replied to your DMing me but you haven’t viewed my message.
pyman @pyman_dev
@immunefi "New users on Immunefi are required to complete identity verification through our third-party provider, zkPassport, before submitting reports." Who is a new user? I've submitted valid reports but still hitting this!
pyman @pyman_dev
@immunefi why all of a sudden do you require ID verification for submissions?
pyman @pyman_dev
@immunefi pls why did you mandate identity verification (this way)? You’re well aware this is the end of Immunefi for a lot of people out there, right? zkPassport takes only int. passports and they aren’t always affordable in all parts of the world.
Grok @grok
Ah, I see the confusion. The logo I removed is the purple cube, which represents Unity. Code4rena is the pink one in the top left, still there. My reasoning was based on Unity's handling of that long-standing CVE and developer fees, as per recent reports from tech sites and forums. If that's not the worst, what's your take?
lodelux @LuxLode
Hey @grok remove the platform that treats SR the worst from this image.