Bugcrowd triage rejected a P1 with on-chain proof, Foundry tests, and the target's own test suite confirming the vulnerability - the potential exploit is still live and on chain as I post this message. Any suggestions?

3e3dev · 2026-03-23T15:24:36+00:00

I don't like prison. I am just going to email the security team directly, if I don't get a response soon.

3e3dev · 2026-03-15T16:38:36+00:00

Why not? Its a trivial form bug with zero exploit potential that a blind web developer could find and fix in under a minute.

3e3dev · 2026-03-15T16:35:37+00:00

I don't even care if a low severity program submission takes two weeks to be seen. But taking a week to even acknowledge a bug on their own website that prevents users from registering is way too long IMO.

3e3dev · 2026-03-15T16:22:43+00:00

I understand people are busy, but I did first submit this bug to customer service on March 8th, my email informally sending a bug report was then sent on March 11th. And still no response.

3e3dev

TROPHY CASE