PANews reported on November 13 that, according to Cointelegraph, the Web3 vulnerability bounty platform Immunefi issued a 90-day suspension notice to the white hat security company Trust Security. The decision was made after Trust Security accused Immunefi of unreasonably refusing to pay the bounty for discovering a major vulnerability that could lead to the theft of funds.
On November 12, Trust Security revealed on the X platform that its bounty team had discovered a major vulnerability on a forked mainnet of an unnamed project that could lead to the theft of funds. The proof-of-concept for the vulnerability was submitted to Immunefi, which acts as an intermediary between white hats and projects to ensure that bounties are paid after a credible vulnerability is confirmed. However, the project claimed that Trust Security had discovered an out-of-scope vulnerability, which would prevent white hats from receiving bounty rewards.
According to Trust, Immunefi wrongly sided with the project's "ridiculous arguments" and offered a "minuscule goodwill bounty" instead of the full reward Trust deserved for identifying a major vulnerability. Immunefi refuted Trust's claims of an unfair payment and imposed a 90-day ban on Trust for "a mischaracterization of the issue at hand." The bug bounty platform also threatened to permanently ban Trust if it violated the rules again.