Summary On Mar 28, 2023, whitehat rootrescue submitted a critical bug in Enzyme Finance via Immunefi, which the Enzyme team quickly confirmed and fixed. This critical bug could have led to the draining of Enzyme’s Vault which funds paymasters and enables Enzyme’s contracts to utilize the Gas Station Network. The Enzyme…

Introduction When most people think about web3 security, they think about smart contracts holding hundreds of millions of dollars of funds. But web3 security is much broader than that. In this article, we’re going to talk about the intersection between web2 and web3 in NFT marketplaces, and how you can find…

Introduction Whitehacking is the process of exploiting a project’s vulnerable smart contracts with the intent of taking and returning all funds to their rightful owner(s). For blockchain developers, whitehacking their own project’s smart contracts is one of the most stressful moments of their entire lives because of how much money and…

Introduction The Immunefi Standard Badge sets the bar for all projects on the Immunefi platform. …

Introduction When submitting a bug report, the most important step a whitehat can take is to prove the magnitude of the bug’s impact. The higher the real and immediate impact, the higher the payout. It’s that simple. In this article, we’ll show you how to determine the funds at risk for…

Bug bounty program pages are something we take incredibly seriously at Immunefi. We painstakingly designed the bounty program page's basic format to revolutionize web3 security and the bug bounty industry. …

Introduction It’s an eternally frustrating experience for whitehats to find a bug in a project on Immunefi with a real, in-scope impact, only for them to find that it’s out-of-scope because the asset isn’t listed in the bug bounty program. The project then fixes the bug, which may save user or…

Introduction The Platypus Finance protocol was hacked on February 16, 2023, resulting in a loss of about $8.5m in stablecoin collateral to a logic error exploit. …

Introduction The BonqDAO protocol was hacked on February 1st, 2023, losing around $120m in funds to a price oracle manipulation attack. A vulnerable price feed implementation allowed the attacker to momentarily change the price of the WALBT token to borrow much more protocol stablecoin (BEUR) then they were entitled to. About…