CINXE.COM

Immunefi - Rules

<!DOCTYPE html><html lang="en" class="scroll-smooth"><meta http-equiv="Content-Security-Policy" content="script-src &#x27;nonce-ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz&#x27; &#x27;strict-dynamic&#x27; &#x27;unsafe-inline&#x27; &#x27;wasm-unsafe-eval&#x27;; connect-src &#x27;self&#x27; https://vitals.vercel-insights.com/v1/vitals https://static.mailerlite.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://snap.licdn.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://t.co https://www.redditstatic.com https://alb.reddit.com https://conversions-config.reddit.com https://pixel-config.reddit.com; style-src &#x27;self&#x27; &#x27;unsafe-inline&#x27; https://fonts.googleapis.com; font-src &#x27;self&#x27; https://fonts.gstatic.com; img-src &#x27;self&#x27; data: https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://snap.licdn.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://t.co https://www.redditstatic.com https://alb.reddit.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://images.contentful.com/t3wqy70tc3bv/ https://images.ctfassets.net/t3wqy70tc3bv/ https://www.googletagmanager.com qn5bmgziiocgawpp.public.blob.vercel-storage.com https://firebasestorage.googleapis.com/v0/b/immunefi-bugs.appspot.com/; frame-src &#x27;self&#x27; https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com/embed/ https://www.google.com; media-src &#x27;self&#x27; https://videos.contentful.com/t3wqy70tc3bv/ https://videos.ctfassets.net/t3wqy70tc3bv/; base-uri &#x27;none&#x27;; object-src &#x27;none&#x27;; default-src &#x27;self&#x27;; frame-ancestors &#x27;self&#x27; immunefi.convertflowpages.com marketing.immunefi.com; "/><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><title>Immunefi - Rules</title><meta name="robots" content="index,follow"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@immunefi"/><meta name="twitter:creator" content="@immunefi"/><meta property="og:title" content="Immunefi - Rules"/><meta property="og:url" content="https://immunefi.com/rules"/><meta property="og:type" content="website"/><meta property="og:image" content="https://immunefi.com/images/facebook_share.png"/><meta property="og:site_name" content="Immunefi"/><link rel="canonical" href="https://immunefi.com/rules"/><meta name="msapplication-TileColor" content="#2b5797"/><meta name="msapplication-config" content="/browserconfig.xml"/><meta name="theme-color" content="#000000"/><link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"/><link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"/><link rel="shortcut icon" href="/favicon.ico"/><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"/><link rel="manifest" href="/site.webmanifest"/><link rel="preload" as="image" imageSrcSet="/_next/image/?url=%2Fimages%2Fgradient.png&amp;w=640&amp;q=75 640w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=750&amp;q=75 750w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=828&amp;q=75 828w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=1080&amp;q=75 1080w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=1200&amp;q=75 1200w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=1920&amp;q=75 1920w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=2048&amp;q=75 2048w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=3840&amp;q=75 3840w" imageSizes="100vw"/><meta name="next-head-count" content="23"/><script id="googletagmanager" defer="" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-M4NJ9SW5');</script><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M4NJ9SW5" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><link nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" rel="preload" href="/_next/static/css/52c25450958698e5.css" as="style"/><link nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" rel="stylesheet" href="/_next/static/css/52c25450958698e5.css" data-n-g=""/><link nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" rel="preload" href="/_next/static/css/cc1b2bf7f3ce3ad4.css" as="style"/><link nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" rel="stylesheet" href="/_next/static/css/cc1b2bf7f3ce3ad4.css" data-n-p=""/><noscript data-n-css="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz"></noscript><script defer="" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" nomodule="" src="/_next/static/chunks/polyfills-42372ed130431b0a.js"></script><script src="/_next/static/chunks/webpack-2cf1432a703c7b12.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/framework-8391dbc5b3f4d919.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/main-8e6eb5cd9bcd4888.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/pages/_app-d80aad07c550e440.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/6a4d9673-2b874b22265edba7.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/5675-397551648921d54c.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/1070-ca0d104b967aa505.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/chunks/pages/%5Blanding_slug%5D-2d9be5029e17b56f.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/i0RYjUyGnbgpScqdXs58m/_buildManifest.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script><script src="/_next/static/i0RYjUyGnbgpScqdXs58m/_ssgManifest.js" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz" defer=""></script></head><body><div id="__next"><div class="relative"><div class="absolute z-[-1] min-h-screen w-full 2xl:top-[-200px]"><div class="aspect-h-8 aspect-w-7 lg:aspect-h-9 lg:aspect-w-16"><span style="box-sizing:border-box;display:block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:absolute;top:0;left:0;bottom:0;right:0"><img alt="" sizes="100vw" srcSet="/_next/image/?url=%2Fimages%2Fgradient.png&amp;w=640&amp;q=75 640w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=750&amp;q=75 750w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=828&amp;q=75 828w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=1080&amp;q=75 1080w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=1200&amp;q=75 1200w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=1920&amp;q=75 1920w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=2048&amp;q=75 2048w, /_next/image/?url=%2Fimages%2Fgradient.png&amp;w=3840&amp;q=75 3840w" src="/_next/image/?url=%2Fimages%2Fgradient.png&amp;w=3840&amp;q=75" decoding="async" data-nimg="fill" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/></span></div></div><header class="relative z-50 mb-12 lg:mb-40" data-testid="pageHeader"><div class="container flex items-center justify-between pt-4 lg:pt-8"><a class="mr-6 max-w-[120px] lg:max-w-none" data-testid="desktopLogo" href="/"><span style="box-sizing:border-box;display:inline-block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:relative;max-width:100%"><span style="box-sizing:border-box;display:block;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;max-width:100%"><img style="display:block;max-width:100%;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0" alt="" aria-hidden="true" src="data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%27186%27%20height=%2740%27/%3e"/></span><img alt="Immunefi" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/><noscript><img alt="Immunefi" loading="lazy" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" srcSet="/images/logo-white.svg 1x, /images/logo-white.svg 2x" src="/images/logo-white.svg"/></noscript></span></a><div class="-my-2 -mr-2 lg:hidden"><button type="button" class="inline-flex items-center justify-center rounded-md p-2 text-white focus:outline-none focus:ring-2 focus:ring-inset focus:ring-indigo-500" aria-expanded="false"><span class="sr-only">Open menu</span><svg stroke="currentColor" fill="none" stroke-width="2" viewBox="0 0 24 24" stroke-linecap="round" stroke-linejoin="round" height="24" width="24" xmlns="http://www.w3.org/2000/svg"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line></svg></button></div><div class="fixed inset-0 z-20 origin-top transition lg:hidden overflow-y-scroll overscroll-y-contain bg-black pointer-events-none transition duration-75 ease-in opacity-0"><div class="container py-4"><div class="flex items-center justify-between"><div class="max-w-[120px]" data-testid="mobileLogo"><span style="box-sizing:border-box;display:inline-block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:relative;max-width:100%"><span style="box-sizing:border-box;display:block;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;max-width:100%"><img style="display:block;max-width:100%;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0" alt="" aria-hidden="true" src="data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%27186%27%20height=%2740%27/%3e"/></span><img alt="Immunefi" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/><noscript><img alt="Immunefi" loading="lazy" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" srcSet="/images/logo-white.svg 1x, /images/logo-white.svg 2x" src="/images/logo-white.svg"/></noscript></span></div><div class="-my-2 -mr-2"><button type="button" class="inline-flex items-center justify-center rounded-md p-2 text-white focus:outline-none focus:ring-2 focus:ring-inset focus:ring-indigo-500"><span class="sr-only">Close menu</span><svg stroke="currentColor" fill="none" stroke-width="2" viewBox="0 0 24 24" stroke-linecap="round" stroke-linejoin="round" height="24" width="24" xmlns="http://www.w3.org/2000/svg"><line x1="18" y1="6" x2="6" y2="18"></line><line x1="6" y1="6" x2="18" y2="18"></line></svg></button></div></div><nav class="mt-4 flex flex-col gap-2"><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/hackers/">How it works - Whitehats</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/learn/">Learn</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/leaderboard/">Whitehat leaderboard</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/whitehat-awards/">Whitehat Awards</a><a href="https://reports.immunefi.com/?utm_source=immunefi" class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" target="_blank" rel="noopener noreferrer">Report Findings</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/projects/">How it works - Projects</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/audit-competitions/">Audit Competitions</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/invite-only-program/">Invite Only Program</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/managed-triage/">Managed Triage</a><a class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800" href="/vaults/">Vaults</a><a target="_blank" referrerPolicy="origin" href="https://bugs.immunefi.com/?utm_source=immunefi" class="-mx-3 rounded-md p-3 font-medium hover:bg-gray-800">Login</a><a class="btn-tertiary btn mt-3 block" href="/bug-bounty/">Explore bounties</a></nav></div></div><nav class="hidden items-center space-x-4 font-medium leading-none lg:flex xl:space-x-8 2xl:space-x-12"><div class="relative"><button type="button" class="focus:outline-none"><div class="flex h-5 items-center space-x-2"><div id="options-menu" class="whitespace-nowrap font-medium">Projects</div><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 320 512" class="duration-75 rotate-0" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M31.3 192h257.3c17.8 0 26.7 21.5 14.1 34.1L174.1 354.8c-7.8 7.8-20.5 7.8-28.3 0L17.2 226.1C4.6 213.5 13.5 192 31.3 192z"></path></svg></div></button><div class="absolute right-0 z-50 mt-2 w-56 origin-top-right rounded-md bg-white shadow-lg ring-1 ring-black ring-opacity-5 focus:outline-none pointer-events-none transition duration-75 ease-in scale-95 opacity-0" role="menu" aria-orientation="vertical" aria-labelledby="options-menu"><div class="py-1" role="none"><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/projects/">How it Works</a><a href="https://immunefisupport.zendesk.com/hc/en-us/categories/5425505980817-For-Projects?utm_source=immunefi" class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" target="_blank" rel="noopener noreferrer">Help for Projects</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/vaults/">Vaults</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/managed-triage/">Managed Triage</a></div></div></div><div class="relative"><button type="button" class="focus:outline-none"><div class="flex h-5 items-center space-x-2"><div id="options-menu" class="whitespace-nowrap font-medium">Whitehats</div><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 320 512" class="duration-75 rotate-0" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M31.3 192h257.3c17.8 0 26.7 21.5 14.1 34.1L174.1 354.8c-7.8 7.8-20.5 7.8-28.3 0L17.2 226.1C4.6 213.5 13.5 192 31.3 192z"></path></svg></div></button><div class="absolute right-0 z-50 mt-2 w-56 origin-top-right rounded-md bg-white shadow-lg ring-1 ring-black ring-opacity-5 focus:outline-none pointer-events-none transition duration-75 ease-in scale-95 opacity-0" role="menu" aria-orientation="vertical" aria-labelledby="options-menu"><div class="py-1" role="none"><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/hackers/">How it Works</a><a href="https://immunefisupport.zendesk.com/hc/en-us/categories/5425506638353-For-Whitehats?utm_source=immunefi" class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" target="_blank" rel="noopener noreferrer">Help for Whitehats</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/learn/">Learn</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/leaderboard/">Leaderboard</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/immunefi-top-10/">Immunefi Top 10 Bugs</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/whitehat-awards/">Whitehat Awards</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/hall-of-fame/">Whitehat Hall of Fame</a><a href="https://reports.immunefi.com/?utm_source=immunefi" class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" target="_blank" rel="noopener noreferrer">Report Findings</a><a class="block px-4 py-2 text-sm text-black hover:bg-gray-100 hover:text-gray-900" role="menuitem" href="/responsible-publication/">Responsible Publication</a></div></div></div><a data-new="true" class="inline-block max-w-min text-center xl:whitespace-nowrap" href="/invite-only-program/">Invite Only</a><a data-new="true" class="inline-block max-w-min text-center xl:whitespace-nowrap" href="/audit-competitions/">Audit Competitions</a><a target="_blank" referrerPolicy="origin" href="https://bugs.immunefi.com/?utm_source=immunefi" class="inline-block max-w-min text-center xl:whitespace-nowrap">Login</a><a class="btn-tertiary btn whitespace-nowrap px-4 xl:px-6" href="/bug-bounty/">Explore bounties</a></nav></div></header><main><div class="space-y-20 lg:space-y-40"><section class="container"><div class="flex flex-col justify-between space-y-10 lg:flex-row lg:items-end lg:space-y-0"><div class="flex max-w-[876px] flex-col space-y-4 lg:space-y-8"><h1 class="text-xl font-medium lg:text-4xl">Rules</h1></div></div></section><section class="container"><div class="prose-white prose max-w-none lg:prose-lg"><section class="mb-12 rounded bg-gray-800 p-8 last:mb-0 LandingPage_landingPage__CB8qQ"><div class="Markdown_markdown__63pVN"><p>Immunefi has a set of rules that govern project and whitehat participation on its bug bounty platform and interaction with Immunefi-run spaces and team. These rules exist in addition to the rules that are listed on each bug bounty program page.</p> <p>Violation of these rules can result in a temporary suspension or permanent ban from the Immunefi platform at the sole discretion of the Immunefi team.</p> <p>For whitehats, this may also result in: 1) forfeiture and loss of access to bug reports, and 2) zero payout.</p> <p>For projects, this may also result in: 1) being removed from the Immunefi platform, and 2) publication of this removal in the case of SLA breakage.</p> <p>Please note that Immunefi has no tolerance for spam/low-quality/incomplete bug reports, beg bounty behavior, misrepresentation of assets and severity, and refusal to pay whitehats.</p> <p>These rules can be changed at any time.</p> <div class="relative"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 24 24" aria-hidden="true" class="absolute -left-7 top-2 hidden h-5 w-5" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M6.32 2.577a49.255 49.255 0 0 1 11.36 0c1.497.174 2.57 1.46 2.57 2.93V21a.75.75 0 0 1-1.085.67L12 18.089l-7.165 3.583A.75.75 0 0 1 3.75 21V5.507c0-1.47 1.073-2.756 2.57-2.93Z" clip-rule="evenodd"></path></svg><h2 id="prohibited-behavior-for-whitehats" node="[object Object]">Prohibited Behavior for Whitehats</h2></div> <ul> <li>Any testing with mainnet or public testnet contracts. Testing on mainnet or public testnet is grounds for an immediate and permanent ban</li> <li>Misrepresenting assets in scope: claiming that a bug report impacts/targets an asset in scope when it does not</li> <li>Misrepresenting severity: claiming that a bug report is critical when it clearly is not</li> <li>Misrepresenting impacts: selecting impacts that do not actually apply to your bug report</li> <li>Automated testing of services that generates significant amounts of traffic</li> <li>Exploiting/attacking or threatening to exploit/attack a project on Immunefi - see this article for <a href="https://immunefisupport.zendesk.com/hc/en-us/articles/9946217628561-Proof-of-Concept-PoC-Guidelines-and-Rules?utm_source=immunefi" node="[object Object]" target="_blank" rel="noopener noreferrer">Immunefi Proof of Concept (PoC) rules</a></li> <li>Whitehacking with intent to save user or protocol funds without the express written consent of the project in the Immunefi Dashboard.</li> <li>Attempting phishing or other social engineering attacks against Immunefi and/or projects on Immunefi</li> <li>Contacting non-support staff at Immunefi about your bug report</li> <li>Harassment, i.e., excessive, abusive, or bad faith communication</li> <li>&#x27;Beg bounty&#x27; behavior, i.e. begging for a bounty reward that is not owed to the whitehat based on the terms of the bug bounty program</li> <li>Requesting gas fees from Immunefi or projects</li> <li>Disputing a bug report in the dashboard once it has been paid or marked as closed, with the exception of requesting mediation</li> <li>Advertising or promotion of services</li> <li>Attacks based on personal characteristics</li> <li>Impersonation of other whitehats</li> <li>Obscene or extremely offensive usernames</li> <li>Threats of violence</li> <li>Threatening to publish or publishing people’s personal information without their consent</li> <li>Extortion/blackmail or threats of extortion/blackmail</li> <li>Posting illegal content</li> <li>Reporting a bug that has already been publicly disclosed</li> <li>Creating multiple accounts on the Immunefi platform</li> <li>Publicly disclosing a bug report--or even the existence of a bug report for a specific project--before it has been fixed and paid</li> <li>Failing to abide by the <a node="[object Object]" href="https://immunefi.com/responsible-publication">Responsible Publication Policy</a> categories set by projects, which determines what whitehats are allowed to publish about their bug reports</li> <li>Publicly posting screenshots from your Immunefi bug reports, unless it is a screenshot of amount rewarded</li> <li>Placeholder bug submissions, i.e., bugs that have a vague title, very few details, and no reproducible steps</li> <li>Submitting a bug report that is not substantially your own (co-submitting with another hacker with their consent is permitted)</li> <li>Submitting duplicates of your original report to the same project to claim additional rewards</li> <li>Submitting spam/very low-quality bug reports and submitting information through our platform that is not a bug report</li> <li>Submitting a bug report in a language other than English</li> <li>Submitting a bug report with no PoC or an incomplete PoC if it is required by the project&#x27;s bug bounty program - see this article for <a href="https://immunefisupport.zendesk.com/hc/en-us/articles/9946217628561-Proof-of-Concept-PoC-Guidelines-and-Rules?utm_source=immunefi" node="[object Object]" target="_blank" rel="noopener noreferrer">Immunefi Proof of Concept (PoC) rules</a></li> <li>Failing to provide KYC information necessary for a bug report payment within a reasonable length of time. Failure to do so may result in forfeiture of payment at Immunefi&#x27;s communication and discretion</li> <li>Providing inauthentic KYC information</li> <li>Routing around Immunefi and communicating with a project directly - negotiations outside of the Immunefi dashboard are considered invalid</li> <li>Submitting bugs via email or any channel other than the <a target="_blank" referrerPolicy="origin" href="https://bugs.immunefi.com/?utm_source=immunefi" node="[object Object]">Immunefi platform</a></li> <li>Submitting AI-generated/automated scanner bug reports</li> <li>Submitting fixes to a project&#x27;s repository without their express consent</li> <li>Unauthorized disclosure or access of sensitive information beyond what is necessary to submit the report</li> <li>Mediation request abuse</li> <li>Promoting any of the behavior listed above</li> </ul> <div class="relative"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 24 24" aria-hidden="true" class="absolute -left-7 top-2 hidden h-5 w-5" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M6.32 2.577a49.255 49.255 0 0 1 11.36 0c1.497.174 2.57 1.46 2.57 2.93V21a.75.75 0 0 1-1.085.67L12 18.089l-7.165 3.583A.75.75 0 0 1 3.75 21V5.507c0-1.47 1.073-2.756 2.57-2.93Z" clip-rule="evenodd"></path></svg><h2 id="prohibited-behavior-for-projects" node="[object Object]">Prohibited Behavior for Projects</h2></div> <ul> <li>Mediation request abuse</li> <li>Abusing the &quot;no fix, no pay&quot; rule by stealth fixing the bug later without providing full payment to the whitehat</li> <li>Routing around Immunefi and communicating with a whitehat directly - negotiations outside of the Immunefi dashboard are considered invalid</li> <li>Claiming a bug report is a known or duplicate issue without clear evidence</li> <li>Paying whitehats who submit bug reports via Immunefi outside of Immunefi</li> <li>Publicly disclosing a bug report before you have both fixed the issue and paid the whitehat</li> <li>Soliciting whitehats on Immunefi for commercial projects or private bug bounty programs</li> <li>Attacks based on personal characteristics</li> <li>Bad faith communication</li> <li>Closing a report without providing detailed information and/or evidence as to why it should be closed</li> <li>Promoting any of the behavior listed above</li> <li>Refusing to provide whitehats or Immunefi with necessary information about their project for invoicing purposes if that information is available</li> <li>Breaking <a href="https://immunefisupport.zendesk.com/hc/en-us/articles/4415204381969-Service-Level-Agreements-SLAs-Notifications-?utm_source=immunefi" node="[object Object]" target="_blank" rel="noopener noreferrer">SLAs</a> regarding responsiveness and bug report resolution</li> </ul> <div class="relative"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 24 24" aria-hidden="true" class="absolute -left-7 top-2 hidden h-5 w-5" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M6.32 2.577a49.255 49.255 0 0 1 11.36 0c1.497.174 2.57 1.46 2.57 2.93V21a.75.75 0 0 1-1.085.67L12 18.089l-7.165 3.583A.75.75 0 0 1 3.75 21V5.507c0-1.47 1.073-2.756 2.57-2.93Z" clip-rule="evenodd"></path></svg><h2 id="behavioral-code" node="[object Object]">Behavioral Code</h2></div> <ul> <li>Be ethical</li> <li>Be respectful and considerate</li> <li>Be professional</li> <li>Be patient</li> <li>Be privacy conscious</li> </ul> <div class="relative"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 24 24" aria-hidden="true" class="absolute -left-7 top-2 hidden h-5 w-5" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M6.32 2.577a49.255 49.255 0 0 1 11.36 0c1.497.174 2.57 1.46 2.57 2.93V21a.75.75 0 0 1-1.085.67L12 18.089l-7.165 3.583A.75.75 0 0 1 3.75 21V5.507c0-1.47 1.073-2.756 2.57-2.93Z" clip-rule="evenodd"></path></svg><h2 id="scope-and-enforcement" node="[object Object]">Scope and Enforcement</h2></div> <p>The team will take all reasonable actions to ensure the successful execution of Immunefi&#x27;s mission and the maximum effectiveness of the project.</p> <p>All material in official project spaces is subject to the rules, and as such, can be deleted, modified, or rejected by the team if it is found to be in violation of the rules. In repeated or severe cases, the team may exclude users from the Immunefi bug bounty platform and/or its project spaces on a temporary or permanent basis.</p></div></section></div></section></div></main><footer class="mt-12 lg:mt-22 bg-gray-800"><div class="container pb-12 pt-8"><div data-testid="Newsletter" class="w-full"><form><div class="grid gap-4 rounded-md bg-gray-900 px-4 py-4 sm:grid-rows-2 lg:grid-cols-2 lg:grid-rows-none lg:gap-10 lg:px-4"><div><p class="text-balance text-center text-[16px] sm:text-base lg:text-left xl:text-lg mx-auto max-w-[350px] lg:mx-0 lg:max-w-none">Hackers subscribed to our newsletter are <br class="hidden sm:inline"/> more likely to earn a Bounty</p></div><div class="grid grid-cols-6"><div class="col-span-4 xl:col-span-5"><input class="flex h-full w-full appearance-none rounded-sm border-none bg-black px-2 py-1 text-[16px] text-gray-400 outline-none sm:text-sm" type="email" placeholder="Your email, please" aria-label="Email address" value=""/></div><button type="submit" class="col-span-2 rounded-sm p-2 text-sm font-medium text-white hover:opacity-80 sm:text-base xl:col-span-1 bg-gradient-to-r from-gradientPurple to-gradientPink">Prove it</button></div></div></form></div></div><div class="container flex flex-col items-center justify-between lg:flex-row"><div class="max-w-[190px] lg:max-w-none"><span style="box-sizing:border-box;display:inline-block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:relative;max-width:100%"><span style="box-sizing:border-box;display:block;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;max-width:100%"><img style="display:block;max-width:100%;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0" alt="" aria-hidden="true" src="data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%27230%27%20height=%2750%27/%3e"/></span><img alt="" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/><noscript><img alt="" loading="lazy" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" srcSet="/images/logo-gradient.svg 1x, /images/logo-gradient.svg 2x" src="/images/logo-gradient.svg"/></noscript></span></div><div class="text-center text-sm text-gray-500">Copyright © Immunefi<span class="block sm:inline"><span class="hidden px-1 sm:inline">–</span>Crypto bug bounty platform</span></div></div><div class="container py-8 pb-[100px]"><div class="flex flex-col-reverse justify-between space-y-8 lg:flex-row lg:space-y-0"><div class="mt-12 space-y-4 font-medium lg:mt-0"><a href="https://twitter.com/immunefi?utm_source=immunefi" class="flex items-center space-x-4" target="_blank" rel="noopener noreferrer"><div class="flex shrink-0 items-center rounded-full border bg-white p-1"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 512 512" class="text-black" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z"></path></svg></div><span>𝕏 / Twitter</span></a><a href="https://discord.gg/rpkPDR7pVV?utm_source=immunefi" class="flex items-center space-x-4" target="_blank" rel="noopener noreferrer"><div class="flex shrink-0 items-center rounded-full border bg-white p-1"><svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 640 512" class="text-black" height="1em" width="1em" xmlns="http://www.w3.org/2000/svg"><path d="M524.531,69.836a1.5,1.5,0,0,0-.764-.7A485.065,485.065,0,0,0,404.081,32.03a1.816,1.816,0,0,0-1.923.91,337.461,337.461,0,0,0-14.9,30.6,447.848,447.848,0,0,0-134.426,0,309.541,309.541,0,0,0-15.135-30.6,1.89,1.89,0,0,0-1.924-.91A483.689,483.689,0,0,0,116.085,69.137a1.712,1.712,0,0,0-.788.676C39.068,183.651,18.186,294.69,28.43,404.354a2.016,2.016,0,0,0,.765,1.375A487.666,487.666,0,0,0,176.02,479.918a1.9,1.9,0,0,0,2.063-.676A348.2,348.2,0,0,0,208.12,430.4a1.86,1.86,0,0,0-1.019-2.588,321.173,321.173,0,0,1-45.868-21.853,1.885,1.885,0,0,1-.185-3.126c3.082-2.309,6.166-4.711,9.109-7.137a1.819,1.819,0,0,1,1.9-.256c96.229,43.917,200.41,43.917,295.5,0a1.812,1.812,0,0,1,1.924.233c2.944,2.426,6.027,4.851,9.132,7.16a1.884,1.884,0,0,1-.162,3.126,301.407,301.407,0,0,1-45.89,21.83,1.875,1.875,0,0,0-1,2.611,391.055,391.055,0,0,0,30.014,48.815,1.864,1.864,0,0,0,2.063.7A486.048,486.048,0,0,0,610.7,405.729a1.882,1.882,0,0,0,.765-1.352C623.729,277.594,590.933,167.465,524.531,69.836ZM222.491,337.58c-28.972,0-52.844-26.587-52.844-59.239S193.056,219.1,222.491,219.1c29.665,0,53.306,26.82,52.843,59.239C275.334,310.993,251.924,337.58,222.491,337.58Zm195.38,0c-28.971,0-52.843-26.587-52.843-59.239S388.437,219.1,417.871,219.1c29.667,0,53.307,26.82,52.844,59.239C470.715,310.993,447.538,337.58,417.871,337.58Z"></path></svg></div><span>Discord</span></a><a href="https://t.me/immunefi?utm_source=immunefi" class="flex items-center space-x-4" target="_blank" rel="noopener noreferrer"><div class="flex shrink-0 items-center"><span style="box-sizing:border-box;display:inline-block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:relative;max-width:100%"><span style="box-sizing:border-box;display:block;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;max-width:100%"><img style="display:block;max-width:100%;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0" alt="" aria-hidden="true" src="data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%2730%27%20height=%2730%27/%3e"/></span><img alt="" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/><noscript><img alt="" loading="lazy" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" srcSet="/images/telegram.svg 1x, /images/telegram.svg 2x" src="/images/telegram.svg"/></noscript></span></div><span>Telegram</span></a><a href="https://www.youtube.com/channel/UCmulw2BHpP6IiBM0Re0yP5Q?utm_source=immunefi" class="flex items-center space-x-4" target="_blank" rel="noopener noreferrer"><div class="flex shrink-0 items-center"><span style="box-sizing:border-box;display:inline-block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:relative;max-width:100%"><span style="box-sizing:border-box;display:block;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;max-width:100%"><img style="display:block;max-width:100%;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0" alt="" aria-hidden="true" src="data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%2730%27%20height=%2730%27/%3e"/></span><img alt="" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/><noscript><img alt="" loading="lazy" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" srcSet="/images/youtube.svg 1x, /images/youtube.svg 2x" src="/images/youtube.svg"/></noscript></span></div><span>Youtube</span></a><a href="https://www.linkedin.com/company/immunefi?utm_source=immunefi" class="flex items-center space-x-4" target="_blank" rel="noopener noreferrer"><div class="flex h-[30px] w-[30px] shrink-0 items-center justify-center rounded-full bg-white text-center"><span style="box-sizing:border-box;display:inline-block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:relative;max-width:100%"><span style="box-sizing:border-box;display:block;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;max-width:100%"><img style="display:block;max-width:100%;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0" alt="" aria-hidden="true" src="data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%2720%27%20height=%2720%27/%3e"/></span><img alt="" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%"/><noscript><img alt="" loading="lazy" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" srcSet="/images/linkedin.svg 1x, /images/linkedin.svg 2x" src="/images/linkedin.svg"/></noscript></span></div><span>LinkedIn</span></a></div><div class="flex flex-col space-y-6 font-medium lg:flex-row lg:space-x-20 lg:space-y-0 lg:text-right"><div class="flex flex-col space-y-4"><div class="py-1">EXPLORE</div><a href="/projects/">Projects</a><a href="/hackers/">Hackers</a><a href="/rules/">Rules</a><a href="/safe-harbor/">Safe Harbor</a></div><div class="flex flex-col space-y-4"><div class="py-1">COMPANY</div><a href="/about/">About</a><a target="_blank" referrerPolicy="origin" href="https://immunefi.com/blog/?utm_source=immunefi">Blog</a><a href="https://boards.greenhouse.io/immunefi?utm_source=immunefi" target="_blank" rel="noopener noreferrer">Careers</a><a href="/contact/">Contact</a><a href="https://immunefi.slite.page/p/sPDbHrhujZ21s6/Immunefi-Referral-Program?utm_source=immunefi" target="_blank" rel="noopener noreferrer"> <!-- -->Referral Program</a></div><div class="flex flex-col space-y-4"><div class="py-1">DOCUMENTS</div><a href="/research/">Research</a><a href="/press/">Press</a><a href="https://drive.google.com/drive/u/0/folders/1fKFxkLccjKwvVD6YWPeWJgCxs76z5Pwf?utm_source=immunefi" target="_blank" rel="noopener noreferrer">Brand Assets</a><a href="https://immunefisupport.zendesk.com/?utm_source=immunefi" target="_blank" rel="noopener noreferrer">Help</a></div><div class="flex flex-col space-y-4"><div class="py-1">LEGAL</div><a href="/terms-of-use/">Terms of Use</a><a href="/privacy-policy/">Privacy</a><a href="/employee-verification/">Employee Verification</a></div></div></div></div></footer></div></div><script id="__NEXT_DATA__" type="application/json" nonce="ZDgyZTk3OGItYzk0MC00Yzg0LTk5M2ItYzczYmQ2ZTkwMmYz">{"props":{"pageProps":{"landingPage":{"slug":"rules","title":"Rules","hero_body":"","cta_text":"","cta_url":"","body":"Immunefi has a set of rules that govern project and whitehat participation on its bug bounty platform and interaction with Immunefi-run spaces and team. These rules exist in addition to the rules that are listed on each bug bounty program page. \n\nViolation of these rules can result in a temporary suspension or permanent ban from the Immunefi platform at the sole discretion of the Immunefi team. \n\nFor whitehats, this may also result in: 1) forfeiture and loss of access to bug reports, and 2) zero payout.\n\nFor projects, this may also result in: 1) being removed from the Immunefi platform, and 2) publication of this removal in the case of SLA breakage.\n\nPlease note that Immunefi has no tolerance for spam/low-quality/incomplete bug reports, beg bounty behavior, misrepresentation of assets and severity, and refusal to pay whitehats.\n\nThese rules can be changed at any time.\n\n## Prohibited Behavior for Whitehats\n\n- Any testing with mainnet or public testnet contracts. Testing on mainnet or public testnet is grounds for an immediate and permanent ban\n- Misrepresenting assets in scope: claiming that a bug report impacts/targets an asset in scope when it does not\n- Misrepresenting severity: claiming that a bug report is critical when it clearly is not\n- Misrepresenting impacts: selecting impacts that do not actually apply to your bug report\n- Automated testing of services that generates significant amounts of traffic\n- Exploiting/attacking or threatening to exploit/attack a project on Immunefi - see this article for [Immunefi Proof of Concept (PoC) rules](https://immunefisupport.zendesk.com/hc/en-us/articles/9946217628561-Proof-of-Concept-PoC-Guidelines-and-Rules)\n- Whitehacking with intent to save user or protocol funds without the express written consent of the project in the Immunefi Dashboard.\n- Attempting phishing or other social engineering attacks against Immunefi and/or projects on Immunefi\n- Contacting non-support staff at Immunefi about your bug report\n- Harassment, i.e., excessive, abusive, or bad faith communication\n- 'Beg bounty' behavior, i.e. begging for a bounty reward that is not owed to the whitehat based on the terms of the bug bounty program\n- Requesting gas fees from Immunefi or projects\n- Disputing a bug report in the dashboard once it has been paid or marked as closed, with the exception of requesting mediation\n- Advertising or promotion of services\n- Attacks based on personal characteristics\n- Impersonation of other whitehats\n- Obscene or extremely offensive usernames\n- Threats of violence\n- Threatening to publish or publishing people’s personal information without\n their consent\n- Extortion/blackmail or threats of extortion/blackmail\n- Posting illegal content\n- Reporting a bug that has already been publicly disclosed\n- Creating multiple accounts on the Immunefi platform\n- Publicly disclosing a bug report--or even the existence of a bug report for a specific project--before it has been fixed and paid\n- Failing to abide by the [Responsible Publication Policy](https://immunefi.com/responsible-publication) categories set by projects, which determines what whitehats are allowed to publish about their bug reports\n- Publicly posting screenshots from your Immunefi bug reports, unless it is a screenshot of amount rewarded\n- Placeholder bug submissions, i.e., bugs that have a vague title, very few\n details, and no reproducible steps\n- Submitting a bug report that is not substantially your own (co-submitting with another hacker with their consent is permitted)\n- Submitting duplicates of your original report to the same project to claim additional rewards \n- Submitting spam/very low-quality bug reports and submitting information through our platform that is not a bug report \n- Submitting a bug report in a language other than English\n- Submitting a bug report with no PoC or an incomplete PoC if it is required by the project's bug bounty program - see this article for [Immunefi Proof of Concept (PoC) rules](https://immunefisupport.zendesk.com/hc/en-us/articles/9946217628561-Proof-of-Concept-PoC-Guidelines-and-Rules)\n- Failing to provide KYC information necessary for a bug report payment within a reasonable length of time. Failure to do so may result in forfeiture of payment at Immunefi's communication and discretion\n- Providing inauthentic KYC information\n- Routing around Immunefi and communicating with a project directly - negotiations outside of the Immunefi dashboard are considered invalid\n- Submitting bugs via email or any channel other than the [Immunefi platform](https://bugs.immunefi.com)\n- Submitting AI-generated/automated scanner bug reports\n- Submitting fixes to a project's repository without their express consent\n- Unauthorized disclosure or access of sensitive information beyond what is necessary to submit the report\n- Mediation request abuse \n- Promoting any of the behavior listed above\n\n## Prohibited Behavior for Projects\n\n- Mediation request abuse \n- Abusing the \"no fix, no pay\" rule by stealth fixing the bug later without providing full payment to the whitehat\n- Routing around Immunefi and communicating with a whitehat directly - negotiations outside of the Immunefi dashboard are considered invalid\n- Claiming a bug report is a known or duplicate issue without clear evidence\n- Paying whitehats who submit bug reports via Immunefi outside of Immunefi \n- Publicly disclosing a bug report before you have both fixed the issue and paid the whitehat\n- Soliciting whitehats on Immunefi for commercial projects or private bug bounty programs\n- Attacks based on personal characteristics\n- Bad faith communication\n- Closing a report without providing detailed information and/or evidence as to why it should be closed\n- Promoting any of the behavior listed above\n- Refusing to provide whitehats or Immunefi with necessary information about their project for invoicing purposes if that information is available\n- Breaking [SLAs](https://immunefisupport.zendesk.com/hc/en-us/articles/4415204381969-Service-Level-Agreements-SLAs-Notifications-) regarding responsiveness and bug report resolution\n\n## Behavioral Code\n\n- Be ethical\n- Be respectful and considerate\n- Be professional\n- Be patient\n- Be privacy conscious\n\n## Scope and Enforcement\n\nThe team will take all reasonable actions to ensure the successful execution of Immunefi's mission and the maximum effectiveness of the project.\n\nAll material in official project spaces is subject to the rules, and as such, can be deleted, modified, or rejected by the team if it is found to be in violation of the rules. In repeated or severe cases, the team may exclude users from the Immunefi bug bounty platform and/or its project spaces on a temporary or permanent basis.","cta2_headline":"","cta2_text":"","cta2_url":""},"content":null,"metaData":{"title":"Immunefi - Rules","suffix":"","description":"","url":"https://immunefi.com/rules"}},"__N_SSG":true},"page":"/[landing_slug]","query":{"landing_slug":"rules"},"buildId":"i0RYjUyGnbgpScqdXs58m","isFallback":false,"gsp":true,"scriptLoader":[]}</script></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10