I really hate doing this kind of exposure but it seems it's the only way to drag attention for something to be resolved when dealing with vulnerability disclosure reports and getting paid. Communication is not one of the Anchor team's strengths, it appears. /1
Will keep this brief. TL;DR -
1. I had promised a 1M personal bounty on critical bugs that fall into Immunefi's 50k critical bug category - this unfortunately did not - fell into 20k category
Anchor team had nothing to do with it, so I'm not sure how they would respond to u
Second, we leave it to agencies like Immunefi to communicate with bounty participants precisely because we lack the time and objectivity to engage ourselves - we simply cannot engage with everything
Delegating is not “poor communication”
I did not issue the additional 1M bounty because 1) didn't meet requisite criteria, and 2) Immunefi recommended against it
If this vuln doesn't rate as critical, nothing does. It's easy to promise big bounties when you never intend to pay them, right? 😉
This is a dumb take
The mismanagement from is baffling. The contempt to the post is strikingly unprofessional. For God's sake, take ownership, safeguard your critical infrastructure and reward people appropriately. Even I can make 20k in a day and I don't know how to hack. Laughable.
Does seem about time to get a PT team or something. I'm invested heavy and have been for years but the way Do responds to criticisms or legitimate inquiries sometimes is getting to be Hoskinson-esque. No one wants another IOHK. Said, with love.
Great to see that you are answering him. He deserves a smaller bonus.
So he could have control over domains, replace them with their own smart contract. Does that mean that someone using that method could steal the funds of people sending funds to Anchor, or also those who are withdrawing funds?