What's wrong with YesWeHack ft Immunefi?

submitted by
Style Pass
2024-11-24 04:00:03

Crypto bros have created their own severity classification system.

So, a couple of weeks ago, I reported some bugs in the Firedancer network stack. But the bug reports were rejected because the bugs were in the main branch (now in production), not in Mainnet-v0.113.20007. I was like, fair enough.

After some time, I found a null dereference in the Mainnet-v0.113.20007 HTTP implementation. Guess what happened next?
Firedancer rejected it, saying it does not fall under Immunefi's severity classification system. Now, the funny part is that Firedancer was audited. My findings and the findings in the audits are similar, typical memory corruption bugs. But my disadvantage was that I was going through a rigged platform.

I am not that disappointed with Immunefi; it is a crypto platform, so scamming people is in its nature.

As any normal human being, first you find a bug, then create an account and then report it. Well, the first two steps were easy.
