I really hate doing this kind of exposure but it seems its the only way to drag attention for something to be resolved when dealing with vulnerability disclosure reports and getting paid. Communication is not one of Anchors teams strength it appears. /1
Conversation
Will keep this brief. TL;DR -
1. I had promised a 1M personal bounty on critical bugs that falls into immunefi’s 50k critical bug category - this unfortunately did not - fell into 20k category
Anchor team had nothing to do with it, so im not sure how they would respond to u
7
6
159
Second, we leave it to agencies like immunefi to communicate with bounty participants precisely because we lack the time and objectivity to engage ourselves - we simply cannot engage with everything
Delegating is not “poor communication”
1
70
I did not issue the additional 1M bounty because 1) didnt meet requisite criteria, and 2) immunefi recommended against it
2
64
But why not pay anyway? If we paid people millions outside of predeclared rules for sidestepping bug bounty channels and bugging many members of our team over dms and twitter, it sets pretty perverse incentives
2
61
I am very protective of my time, and I do not appreciate you forcing me to engage with this on open twitter like a threadoooor
I do, however, appreciate all the attention you pay to the Terra ecosystem
Wish you the best of luck, and hope we can move on. Cheers
Idk, think 100 or 120k
47
ty for reply.
1. I didn't even tag you, I'm not "forcing" you to do anything.
2. providing anchor's security assessment recommendations based on a vulnerability table lookup checks out with the rest of bug bounty industry. lol
3. It was poor communicated, ask around.
1
20
Show replies
I don’t get the miffed response by Do here. The guy is trying to help TFL immeasurably….inside or outside bounty rules I couldn’t care less.
2
Show more replies