Skywalker

Today, we are introducing Immunefi Studio, a new suite of tools built with and for Immunefi’s security researcher community. Finding a real bug is only half the battle. The other half is proving it clearly enough to get paid. A strong finding can still be weakened by missing evidence, unclear impact, vague PoCs, unsupported claims, poor framing, or duplicate risk. Immunefi Studio is designed to help researchers before two critical moments: Before they start hunting and before they submit. The first tools are Studio Review and Studio Signals. Studio Review helps researchers strengthen bug reports before they submit to a real program. It gives structured feedback on clarity, PoC strength, impact quality, plausibility, missing evidence, unsupported claims, and duplicate risk. Sometimes the bug is real, the report is strong, and the impact is clear, but the same underlying issue may have already been reported. Studio Review helps researchers check whether their report may overlap with an existing or previously submitted finding in real time, so they can sharpen their angle, clarify what makes their discovery different, and avoid wasting their best work. It also helps researchers write, review, improve weak spots, and submit only when the report is stronger. Studio Signals helps researchers decide where their time is most likely to pay off. Choosing the wrong target is costly. Researchers can spend hours reading docs, tracing contracts, building context, and looking for a real vulnerability, only to realize the program does not move at the speed, severity profile, or payout opportunity they expected. Studio Signals gives researchers better intelligence before they commit serious research time. It shows real program data, including paid-to-closed ratio, payout speed, confirm-to-paid velocity, response speed, outcomes across severity levels, and other key signals. The headline max bounty is not the full story. Studio Signals helps researchers look beyond brand name, max bounty, and guesswork, so they can choose programs with more context and better alignment to their skills, goals, and time. Together, Studio Signals helps researchers hunt smarter, and Studio Review helps researchers submit stronger. Immunefi Studio is currently rolled out to 20% of users, with a full release coming soon. Start using Immunefi Studio today or join the waitlist: https://t.co/l1W4hC8cCY More tools are coming.

Researchers asked us to remove submission limits. So we did. But only for the people serious enough to put skin in the game. Here’s the problem: In fast-moving audit competitions and bug bounty programs, researchers often find multiple valid issues early. But submission limits can force them to wait. And that waiting can cost them. They find the issue first. But can’t submit yet. Someone else reports it before their limit reset, or the project simply fixes it. That changes today. Here’s how it works: On pay-to-submit programs, researchers are no longer blocked by their usual submission caps. Each per-report fee unlocks one report submission, even if the researcher has already hit their limit. Once the payment is confirmed, the report can be submitted. That means: - Hit your 24-hour submission limit? You can still submit. - Have multiple reports under review? You can still submit. - Found multiple valid issues early? Each payment unlocks one submission. No more losing valid findings just because the submission clock had not reset.

One of the clearest proof points yet for Anchor and multi-client DVT 👇 A new performance report on Lido’s research forum highlights very strong results for Anchor, SSV Network’s second client, after a 2-month evaluation on Hoodi. This is exactly the kind of validation a real second client needs. 🧵

Just shipped on Immunefi: Priority Mediation. For a while now, security researchers have been telling us the same thing: when you've put real work into a report and you believe in it, waiting weeks for a mediator to pick it up is brutal. Priority Mediation now lets researchers who are confident in their submission pay to get faster resolution with a hard commitment: resolution within 30 business days, mediator status updates at least every 7 business days along the way. A couple things I want to be explicit about, because they matter: 1) Free mediation requests are reviewed by the same trained mediators, using the exact same decision framework. 2) The tier you choose affects the queue, not the verdict. A paid mediation does not buy you a favorable outcome. It buys you speed and additional hands-on activity. Every case gets the same impartial review, full stop. If we ever blurred that line, the whole system would be worthless. This is one of several changes we're shipping based on direct researcher feedback. Keep it coming so we can usher in SR Summer.