0xRyoma.eth
Mar 14 13 tweets 5 min read
Hunting on @immunefi? SAVE THIS THREAD. 🧵

Bug bounty hunting in web3 can be tough; if you’re looking to report a bug on a blue-chip protocol for a Crit payout, you better come prepared. Here’s a list of 10 resources you should use to up your bug bounty reporting skills. 💪
Disclaimer: this is not a generic “follow @X for security tips”. I will be highlighting our very own underrated content that will elevate your whitehat game by understanding ALL of our rules and support your submissions towards that $1m+ payout.
1- Confused as to how you can best prove your point to protocols and get out of the “theoretical” report zone? Check out our Proof of Concept (PoC) guidelines and rules for web2 & web3 and create the best PoC out there: immunefisupport.zendesk.com/hc/en-us/artic…
2- Think your report is being low-balled/closed unfairly despite proving the value-add in your report for an out-of-scope asset? You can find this in our Projects’ FAQ: head over to our “Primacy of Impact Policy and Best Practices” to prioritize impact: immunefisupport.zendesk.com/hc/en-us/artic…
3- Found a bug in a third-party library or software used by the project? Learn about our external dependency policies to know exactly what can be considered a valid bug report and what may be classified as out of scope: immunefisupport.zendesk.com/hc/en-us/artic…
4- Are you starting out on Immunefi? Read our Hacker Guide on submitting bug reports! Our article highlights why you should hunt for web3 bounties, when to aim for the big bounty vs the low vulnerability exploit, project response times, etc. medium.com/immunefi/a-hac…
5- On the topic of starting off, “Your First Day as a Bug Bounty Hunter” is a great article showing you a step-by-step guide on how to get started on Immunefi and navigating our platform: medium.com/immunefi/your-…
6- Nothing beats a top-notch report. Find out what you should include in your submissions to maximize your chances at a reward by reading our bug report template article and make sure you have all the right elements before pushing that “submit” button: immunefisupport.zendesk.com/hc/en-us/artic…
7- Unsure about which severity your exploit/bug/vulnerability falls under? Look no further than Immunefi’s Severity Classification System which comes with brief explanations for each vuln as well:
immunefisupport.zendesk.com/hc/en-us/artic…
8- This may sound simple, but due to the nature of our industry, we take rules very seriously. If you hunt on Immunefi, you better know our rules like the back of your hand to be successful and avoid getting warned or banned!

immunefi.com/rules/
9- Learn about what advice and knowledge our community of elite hackers is posting through our #learn-blockchain-hacking channel in our Discord; the knowledge sharing is insane.

Join our Discord here: discord.com/invite/rpkPDR7…
10- Want to hone your technical skills? You can find everything you need to know about security, from blockchain concepts, tools, frameworks, hack analyses and much more in the Immunefi Learn GitHub Repo curated by our very own @arunim_shukla.

github.com/immunefi-team/…
With this list, you have all the right tools to succeed in Immunefi, back up your report with solid claims, and use our rules to your advantage. Remember: knowledge is power, and a powerful bug bounty hunter can accomplish great things and make serious money. 😎
