Lezzzgooo Attackathons are back at Immunefi $160k main pot + $40k mitigation audit are up for grabs in VeChain's Hayabusa Upgrade! Academy page is live, submission period starts on October 1st gl gl everyone

Research is key to building a strong OP Stack and a robust rollup ecosystem. We recently implemented key fixes and paid out a $20K bounty reward for the following report.

Triaging reports shouldn’t feel like digging for signal in a cacophony of noise, so we trained Guardian AI to review reports for you. Guardian AI Summaries now bring focus to your bug report triaging. And it works great.

Starting Oct 1st, new anti-spam rules go live on Immunefi for Audit Competitions and Bug Bounty Programs. They cut spam and improve the experience for good-faith researchers. Important: these rules only apply to new users and SRs with 0 paid reports. 1/6

See y’all at Defi Security Summit ☀️

Month 2 of our SEAL Framework deep dives! Today we're talking about: Security Testing 🧪 "We tested our smart contracts" ≠ "we tested our security" (1/x)

Be mindful regarding scope on bounty programs. Bounties only pay for live bugs that have an actual impact. So, don't lose your time investigating something that will pay you nothing (and rightfully). Projects and platforms do a terrible job at keeping a correct scope over time.

AI is changing how bug reports are written, but not always for the better. unsafe_call, Security Researcher & Triage Lead at Immunefi, will speak at DSS on “AI in Bug Reports: When to Use LLMs and When Not To”, sharing field-tested lessons on using AI responsibly in security.

Bug bounty hunting shouldn't start with setup hell. Nope. It should start with hacking. That's why we built Instascope - a tool that lets SRs instantly spin up ready-to-test environments for Ethereum Mainnet Immunefi scopes. Made for our hunters. 🎯

This is a huge quality of life increase for bug hunters! You can now download in scope contracts and have everything compilation ready in one click 🤯

Assumptions kill arguments. Evidence builds them. Too many SRs stop early and file what they assume is a vuln. Double down and do the research: reproduce, capture exact conditions, craft a PoC, quantify impact. Any assumptions will be used against you when disputing a bug.

If you're going to submit to Immunefi, please at least understand that not all bugs are vulnerabilities - and what the distinction is.🤦

Not on Immunefi. Our pot-to-payout ratios are the highest in the industry, and we put all our competition reports in public. Transparency is the only way.

You guys are loving Instascope, so we're bringing it to more chains! which one next? 👀

We’ve partnered with @rippleXDev to launch a $200,000 Attackathon helping secure the proposed XRPL Lending Protocol. This is a time-boxed, adversarial competition to identify vulnerabilities before the protocol reaches production.

We are collaborating with Immunefi to prepare a $200K Attackathon to test and strengthen the proposed XRP Ledger Lending Protocol. The program runs Oct 27 - Nov 24 and invites security researchers to review more than 35K lines of C++ code, uncover vulnerabilities, and earn

check it out, self-serve flagging with the biggest wallets in crypto (more news on that soontm)

dear algorithm: please show this to security researchers tired of setup hell thank you