Immunefi

01Severity & Rewards

02Program Rules

1. 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
2. 02KYC verification is required before bounty payout. Researchers must complete identity verification to receive rewards.
3. 03This program follows Primacy of Impact — valid findings are rewarded based on demonstrated impact regardless of whether the specific attack vector was previously known.
4. 04Submissions are triaged by the security team. Expect initial response within 48 hours of submission.
5. 05Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
6. 06Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
7. 07Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.