Notes

Immunefi

Upfront note: Immunefi is very web3-centric (it serves primarily web3 projects), unlike HackerOne, which serves many traditional enterprises (AT&T, Nintendo, Honda, PayPal, the US Department of Defense, etc.).

Product

Chain-agnostic bug bounty and security service platform. Hackers attack a project (e.g. a DeFi protocol) to discover bugs, submit a report, and get paid for it. Projects collaborate with Immunefi specialists on drafting and publishing the bounty.
Immunefi does two things:
1. Brings talent into one community and connects it to projects and bounties.
2. Provides end-to-end assistance on the bounty (creation, distribution, PR, postmortem communication, dispute handling). This is delivered by a team of specialists.
Immunefi does not provide audits or triage. It is also worth noting that some bounties on Immunefi are quite large; however, most bounties are under $100,000. For the complete bounty list see
[Screenshot, 2022-03-30: complete bounty list]
So, all in all, Immunefi is more of a platform than a security service provider. All the technical work comes from whitehat hackers; Immunefi is there to bridge the information gap.

5 Level Scale of Bug Seriousness

Immunefi classifies bugs on a simplified 5-level scale:
Critical
High
Medium
Low
None
Of course, projects can adopt their own standard later on for the PR release, but this is the communication standard every project should use before launching a bounty. For the detailed definition of each level and how it maps to smart contracts or dapps, refer to
[Image: Immunefi severity level definitions]

Fee Model

There is no upfront cost. Projects only pay a 10% performance fee to Immunefi, charged on top of the bug bounty award, when hackers find real vulnerabilities.
$0 onboarding and launch fee
$0 maintenance fee
$0 advisory fee for drafting the program
10% Immunefi performance fee (charged on top of the payout) for vulnerabilities found
No deposits
Projects can require KYC if needed, but must let Immunefi know in advance
Projects set their own payout amounts
Pay rewards in project’s own token/coin

Community - As of March 30, 2022

Discord: 4,412 members, ~600 active. Generally speaking the conversation in the chat is quite casual; someone occasionally starts a topic and a few people respond, roughly 10-30 messages per day. The management team has clearly curated a good vibe in the appropriate channels. Not a super hyped community, but a solid one.
Twitter: 20.6k followers, little interaction on most posts, which is typical.
It is also worth noting that projects are very willing to promote Immunefi for free on their own official accounts, because their interests are aligned. ← noticed during a Twitter search, but forgot to screenshot. Some KOL accounts also gave Immunefi a shill, so it probably has a positive reputation in the space.