YOOOOOO @commonopoly_ was so kind to take the time and do a custom smol for me. He did my fast food smb! straight 🔥🔥🔥
If this whole crypto thing doesn't work out I'll always have a wagie to fall back on
I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi. I'm decent at it.
- #1 - Attackathon | Stacks
- #2 - Attackathon | Stacks II
- #1 - Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good. Then I found a Critical vulnerability in @injective.
This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then - silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten.
I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible - until Injective pays what I deserve.
Full Technical Report: https://t.co/lki2tL9bxw