3e3dev

u/3e3dev

Overview

Posts

Comments

Feed options

Hot

New

Top

View

Card

Compact

Any immutable mods available to discuss a critical exploit found?

r/ImmutableX

Any immutable mods available to discuss a critical exploit found?

I have sent an email to the Immutable security team about a live on-chain exploit and received a auto response advising I should submit to BugCrowd, unfortunately I have already made the submission and BugCrowd has erroneously closed this report as "not applicable". As of writing this post, the exploit is still live and tested on-chain. Any suggestions on how to further escalate this?

r/bugbounty

•

Bugcrowd triage rejected a P1 with on-chain proof, Foundry tests, and the target's own test suite confirming the vulnerability - the potential exploit is still live and on chain as I post this message. Any suggestions?

3e3dev

replied to conflictions69

I don't like prison. I am just going to email the security team directly, if I don't get a response soon.

r/bugbounty

•

[ Removed by moderator ]

3e3dev

replied to lurkerfox

Why not? Its a trivial form bug with zero exploit potential that a blind web developer could find and fix in under a minute.

r/bugbounty

•

[ Removed by moderator ]

3e3dev

replied to GhostlyBoi33

I don't even care if a low severity program submission takes two weeks to be seen. But taking a week to even acknowledge a bug on their own website that prevents users from registering is way too long IMO.

r/bugbounty

•

[ Removed by moderator ]

3e3dev

replied to OuiOuiKiwi

I understand people are busy, but I did first submit this bug to customer service on March 8th, my email informally sending a bug report was then sent on March 11th. And still no response.