Created
October 19, 2025 08:08
-
-
Save monperrus/10912c78b083e048a33dbeb8761a15ce to your computer and use it in GitHub Desktop.
Immunefi – Security Researchers Terms & Conditions Oct 19 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Immunefi -- Security Researchers Terms & Conditions (Clickwrap | |
| Agreement) | |
| As a condition of your participation in Immunefi's Bug Bounty Programs, | |
| including the submission of bug reports, you agree to be bound by the | |
| following terms and conditions. If you do not agree to these terms and | |
| conditions you should not submit any bug report or access the Immunefi | |
| Platform for any purpose. | |
| 1. Definitions | |
| "Bug Bounty Program" or "BBP" means a series of cybersecurity-related | |
| tasks and associated Research Fees developed jointly by Immunefi and | |
| Customer for the purpose of encouraging ethical cybersecurity | |
| researchers to discover vulnerabilities or other cybersecurity-related | |
| issues in Customer's blockchain network or protocol. | |
| "Bug Reports" means responsive reports to Customer's Bug Bounty Program | |
| submitted by Security Researchers through the Platform. | |
| "Platform" means the system and/or interface through which the Immunefi | |
| Services are provided to Customer and includes, without limitation, all | |
| ideas, concepts, inventions, systems, platforms, software, interfaces, | |
| tools, utilities, templates, forms, techniques, methods, processes, | |
| algorithms, know-how, Intellectual Property Rights, trade secrets and | |
| other technologies, implementations and information that are proprietary | |
| to or used by Immunefi (which may be licensed from a contracted | |
| affiliate) in connection with providing the Immunefi Services or as | |
| otherwise related to its business. | |
| "Research Fee" means the amount set forth in Customer's Bug Bounty | |
| Program payable to a Security Researcher for such Security Researcher's | |
| role in uncovering and reporting to Customer a cybersecurity | |
| vulnerability in Customer's network. | |
| "Security Researcher" means a cybersecurity professional who uses their | |
| skills and knowledge in hacking to identify vulnerabilities and | |
| weaknesses in Customer's computer systems, networks, or applications for | |
| the benefit of Customer. | |
| 2. No Warranties. Use at your own risk. | |
| Your participation in Bug Bounty Programs on the Immunefi Platform is | |
| solely at your own risk. Immunefi makes no warranty to Security | |
| Researchers of any kind. | |
| THE SERVICES AND THE PLATFORM ARE PROVIDED BY IMMUNEFI "AS AVAILABLE" AND "AS IS" AND IMMUNEFI MAKES NO WARRANTIES, EITHER EXPRESS OR IMPLIED, AS TO ANY MATTER WHATSOEVER, INCLUDING WITHOUT LIMITATION THE AVAILABILITY AND CONDITION OF THE SERVICES AND THE PLATFORM AND IMMUNEFI EXPRESSLY DISCLAIMS ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE OR NEED, ACCURACY OR FREEDOM FROM ERROR, AND ALL WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THIS SECTION WILL BE ENFORCEABLE TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW. NO INFORMATION OR ADVICE (WHETHER WRITTEN, ORAL OR OTHERWISE) PROVIDED BY IMMUNEFI OR ITS REPRESENTATIVES WILL CREATE ANY WARRANTY OR IN ANY WAY AFFECT THE DISCLAIMERS OF WARRANTY OR LIMITATIONS OF LIABILITY EXPRESSLY PROVIDED IN THIS AGREEMENT. | |
| 3. LIMITATION OF LIABILITY | |
| TO THE EXTENT ALLOWED BY APPLICABLE LAW AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OR LIMITATION OF LIABILITY: (A) IMMUNEFI WILL NOT BE LIABLE FOR ANY INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL, LOST PROFITS, OR INDIRECT DAMAGES OF ANY KIND IN CONNECTION WITH THIS AGREEMENT, INCLUDING WITHOUT LIMITATION RELATING TO IMMUNEFI'S PERFORMANCE OF THE SERVICES AND YOUR USE OF THE SERVICES AND PLATFORM; AND (B) IMMUNEFI'S ENTIRE AGGREGATE LIABILITY TO ANY PERSON OR ENTITY ARISING FROM OR RELATING TO THIS AGREEMENT, UNDER ANY LEGAL THEORY (WHETHER IN CONTRACT, TORT, INDEMNITY OR OTHERWISE), WILL NOT EXCEED ONE HUNDRED DOLLARS (US). | |
| 4. Compliance with Applicable Laws. | |
| You are responsible for complying with all applicable laws in the | |
| conduct of your research and creation and submission of Bug Reports. | |
| Failure to comply with any applicable law shall be considered a | |
| material breach of these terms and result in immediate termination of | |
| your access to the Immunefi Platform and your ineligibility to receive | |
| any Research Fees for which you may have otherwise qualified. | |
| 5. Prohibited Conduct. | |
| You agree not to do any of the following in your use of the Platform | |
| (including the submission of Bug Reports and interactions with | |
| Immunefi and Immunefi customers): | |
| 1. Any testing with mainnet or public testnet contracts other than as | |
| approved by the applicable Bug Bounty Program. | |
| 2. Making any intentional misrepresentation regarding any aspect of a | |
| Bug Report. | |
| 3. Automated testing of services without prior authorization that | |
| generates significant amounts of traffic or submitting | |
| AI-generated/automated scanner bug reports; | |
| 4. Attempting physical testing (e.g., office access, open doors, | |
| tailgating), phishing, or any other social engineering attacks | |
| against Immunefi and/or projects on Immunefi | |
| 5. Creating multiple accounts on the Immunefi platform; | |
| 6. Engaging in harassment, extortion, threats of violence, or any other | |
| hostile, abusive, or fraudulent behavior towards Immunefi, Immunefi | |
| customers or other Secruity Researchers participating on the | |
| Immunefi Platform; | |
| 7. Attempting any unauthorized access to the computer systems or code | |
| repositories of Immunefi or Immunefi's customers for any purpose | |
| other than as authorized or prescribed by the applicable Bug Bounty | |
| Program. For clarity, good faith bug hunting activity pursuant to an | |
| active Bug Bounty Program shall not be deemed a violation of these | |
| terms. | |
| 8. Submitting bugs via email or any channel other than the [Immunefi | |
| platform](https://bugs.immunefi.com/) | |
| 9. Attempting to communicate with any Immunefi Customer outside of the | |
| Immunefi Platform for the purpose of circumventing Immunefi or | |
| interfering in any way with Immunefi's relationship with any of its | |
| customers | |
| 10. Requesting gas fees from Immunefi or projects; | |
| 11. Submitting frivolous Bug Reports, or other materials considered to | |
| be spam in the sole discretion of Immunefi | |
| 12. Submitting Bug Reports in any language other than English | |
| 13. Failing to abide by the [Responsible Publication | |
| Policy](https://immunefi.com/responsible-publication/) categories | |
| set by projects, which determines what Security Researchers are | |
| allowed to publish about their bug reports | |
| 14. Demonstrating a pattern of submitting poor quality and/or | |
| noncompliant reports as determined by Immunefi in its sole | |
| discretion | |
| 6. Payment for Valid Bug Reports | |
| Immunefi is not responsible for the payment of any Bug Bounty. Bug | |
| Bounties are paid directly to You by the Immunefi customer sponsoring | |
| the Bug Bounty Program.\ | |
| \ | |
| Payments are made in some form of crypto-asset and directed to such | |
| wallet as you designate. Any income taxes related to your receipt of | |
| Bug Bounty payments are solely your responsibility. | |
| You may be required to provide personal information to satisfy Know Your | |
| Customer (KYC) and/or anti-money laundering (AML) legal requirements in | |
| order to qualify for payment of a Bug Bounty. These requirements are at | |
| the sole discretion of the Immunefi customer sponsoring the Bug Bounty | |
| Program and will be set forth in the Bug Bounty Program. Failure to | |
| comply with these requirements will result in you being ineligible for | |
| such Bug Bounty payment. You understand and acknowledge that you should | |
| not submit any Bug Reports for Bug Bounty Programs that require KYC/AML | |
| disclosure if you do not intend to cooperate with such requirements. | |
| 7. Original Work/Transfer of Rights | |
| You represent and warrant that: i) any Bug Report submitted by you is | |
| your own original work and does not infringe the intellectual property | |
| rights (including copyright) or any other right of any third party; and | |
| ii) in the event that any Bug Report submitted by you results in the | |
| payment of a Research Fee to you that you will cooperate with all steps | |
| reasonable and necessary to transfer any copyright or other intellectual | |
| property right to such party as may be designated in the applicable Bug | |
| Bounty Program. | |
| 8. OFAC Compliance | |
| You represent and warrant that you are not a citizen of or otherwise | |
| accessing Immunefi from geographic regions subject to sanctions by the | |
| United States Office of Foreign Asset Control ("OFAC"), including but | |
| not limited to the nations of Belarus, Burma (Myanmar), Cuba, Democratic | |
| Republic of Congo, Iran, Iraq, Liberia, North Korea, Sudan, Syria, | |
| Yemen, and Zimbabwe and certain areas of Ukraine, (e.g., Crimea, | |
| Donetsk, and Luhansk) (collectively, "Prohibited Jurisdictions"), or if | |
| the User is otherwise listed as a Specially Designated National by OFAC | |
| 9. Adherence to Bug Bounty Program Documentation | |
| You agree to comply with and be bound by any special terms and | |
| conditions included in any Bug Bounty Program for which you submit a Bug | |
| Report. | |
| 10. Governing law and Dispute Resolution | |
| This Agreement shall be governed by and construed in accordance with the | |
| laws of England and Wales without regard to the conflicts of law | |
| provisions thereof. Any controversy or claim arising out of or relating | |
| to this Agreement, or the breach thereof, shall be settled by | |
| arbitration (to be held in English) in accordance with Exhibit A. By | |
| signing this Agreement, Customer hereby expressly consents to settle any | |
| and all claims or controversies arising out of this Agreement by binding | |
| arbitration subject to the terms set forth in Exhibit A. YOU WAIVE YOUR | |
| RIGHT TO A TRIAL BY JURY AND AGREE THAT ARBITRATION IS THE SOLE AND | |
| EXCLUSIVE MEANS OF SETTLING ANY CLAIM, CONTROVERSY, OR DISPUTE ARISING | |
| OUT OF OR IN CONNECTION WITH THIS AGREEMENT. This arbitration provision | |
| only applies where the Immunefi Customer has extended an Offer to | |
| Arbitrate in the Bug Bounty Program. If the Immunefi Customer has not | |
| made such an offer to arbitrate then You may pursue any legal remedy | |
| through any court that may have jurisdiction over the dispute. | |
| 11. General Applicability of Terms of Use and Privacy Policy | |
| You understand that your use of the Immunefi Platform and website | |
| remains subject to the Immunefi Terms of Use and Privacy Policy. | |
| 12. Disciplinary Action by Immunefi | |
| You understand and acknowledge access to the Platform is a privilege and | |
| not a right. You further understand and acknowledge that any violation | |
| of any of these Terms and Conditions or applicable law may result in: | |
| (1) temporary suspension or a permanent ban from the Immunefi platform | |
| at the sole discretion of Immunefi; (2) forfeiture and loss of access to | |
| bug reports; and/or (3) forfeiture of your right to receive a payout | |
| from a Bug Bounty Program. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment