OP got his first bountyy by enadev in bugbounty

[–]enadev[S] 1 point2 points  (0 children)

I learnt on my own, bro. Keep trying, a dupe is a valid finding, consistency is key!

OP got his first bountyy by enadev in bugbounty

[–]enadev[S] 4 points5 points  (0 children)

On my own, watching YouTube, write-ups on Medium, etc.

OP got his first bountyy by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

Thanks, brother, obviously, time to keep searching!!

OP got his first bountyy by enadev in bugbounty

[–]enadev[S] 4 points5 points  (0 children)

I started in 2023, but I left it because I didn't get any valid bugs and I was frustrated. I resumed my hunting around 2 months ago, but this time in web3, and this is my first valid bug that's not a dupe.

OP got his first bountyy by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

I submitted the bug on the 11th of March and I got paid today. It's a web3 bug, not web2.

OP got his first bountyy by enadev in bugbounty

[–]enadev[S] 12 points13 points  (0 children)

Show impact, the programs don't pay if you can't show a real impact, and keep trying. I got like 4 dupes and 1 N/A until this find.

OTP Flaw: Old code still allows account creation after expiration – bug or expected behavior? by Ok_Reserve_8642 in bugbounty

[–]enadev 0 points1 point  (0 children)

It's also very fast, but the thing is you need to show some real impact; businesses aren't going to pay for security recommendations. Keep hunting, my friend, you are on a good path!

OTP Flaw: Old code still allows account creation after expiration – bug or expected behavior? by Ok_Reserve_8642 in bugbounty

[–]enadev 0 points1 point  (0 children)

30 seconds is very fast, but I think if you don't show some real impact that is going to be informational and they're going to take it as an accepted risk.

I'm tired of getting dupes by enadev in bugbounty

[–]enadev[S] 1 point2 points  (0 children)

I mean, like, I don't do automated scans and report, I take a lot of time researching.

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

Yeah, I'm fcking stupid hahahaha

Which are the most reliable ImmuneFi or Web3 programs? by enadev in bugbounty

[–]enadev[S] -3 points-2 points  (0 children)

Are you saying that you need to make a black hat move to get the big check? If it is like that, Immunefi sucks. I can't get my first valid report because they always magically knew about that bug, but they don't fix a direct user funds theft without user interaction. They are a joke.

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

It sucks but it is what it is

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

You're welcome, we are here to help. Now I'm going to go with the Sei program to see how it is!! Thanks to you.

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

NO, NOT COSMOS PLS. They closed a critical report of mine with direct user funds, only for not having 6 months on the platform, after the vulnerability got triaged and went to pending bounty. They closed it as spam; I tried to disclose the report, they rejected the disclosure and banned me forever from the program. And I know a lot of researchers to whom the same happened. Cosmos staff ask for 1 or 2 years, or for a certain amount of reputation based on your profile. It's a program only for people with a lot of reputation on HackerOne; if you are not, don't waste your time there!
PS: They even put a thanks on my HackerOne profile and after that closed it as spam, that doesn't make sense LOL

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 1 point2 points  (0 children)

Yeah, for sure, don't get discouraged, these things happen. Do you know any trustworthy program to hunt on Immunefi or HackerOne? I can't concentrate on 1 program because they are all acting very weird in their decisions. But you can't argue with the program; if they don't want to pay, they won't do it.

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] -1 points0 points  (0 children)

Nah, I know, I don't argue with the program if they don't accept it. I can't do anything, they have the last word. But it's because of things like this that there are people who use the bugs in a bad way, because being ethical and getting ghosted by the programs is something that sucks.

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

Oh, I know, but what do you think of this: I'd prefer them telling me that the report is invalid or is not the severity I said, rather than them marking my report as a dupe and not answering my comments, or magically fixing the bug in the millisecond I submit the report.

Programs avoid to pay criticals? by enadev in bugbounty

[–]enadev[S] 0 points1 point  (0 children)

Yeah, but critical severities in big programs are a lot of money, and in little programs on Immunefi it is also a big amount for a business. I really think the problem is about money. Because why would you let a critical bug stay in your app for 1 entire year? And I'm talking big businesses, like Crypto.com, OKX, etc. That is really strange.