Learn with Immunefi Resources

Unlock the secrets to becoming a top-tier security researcher on Immunefi with our curated resources and expert guidance. Whether you're just starting out or looking to refine your skills, our platform offers a comprehensive set of articles, repositories, and insights to help you advance in the dynamic world of Web3 security.

The Learn page is divided into 3 categories:

1. Initiation: learn the ropes of Web3 security with Immunefi’s curated list of resources
2. Training Grounds: Receive your first rewards by building a strong report
3. Mastery: Achieve Elite status on Immunefi through additional resources

Learn to become a bug bounty hunter on Immunefi, from Web3 security introductions to how Immunefi’s platform works. This section will take you from a complete beginner to a Web3 bug bounty hunter, making you ready to hunt for your first bounty.

Intro to Web3 Security - A comprehensive guide that provides an in-depth exploration of blockchain vulnerabilities, common attack vectors, and the methods used by security researchers to exploit and secure blockchain technologies.

Web3 Security Library - An Immunefi-curated list of links on blockchain concepts, tools, vulnerabilities, and bugfix reviews

How it works - How Immunefi works as a platform for bug bounty hunting.

Prohibited Behavior - Immunefi rules to follow

Your first day as a bug bounty hunter on Immunefi - Understand the basics of Immunefi and its scaling bug bounty, how our platform works, and what to expect on your first submission

Once you have learned the basics through our Initiation module, or you already have experience hunting bugs, it is important to get familiar with how to find and write bugs that get paid on Immunefi. This section will take you through how to utilize our severity classification systems to frame the bugs appropriately, how-to guides and checklists on bug report necessities, assessing your bug’s impact, and help center articles for whitehats to write reports that will get you your first rewards.

Severity Classification Systems - a detailed framework for assessing blockchain vulnerabilities across various categories, using a five-level scale (Critical to None) to classify the severity of bugs based on their impact on networks, smart contracts, and websites/apps.

Hacker's Guide to submitting bugs on Immunefi - step-by-step guide for security researchers to submit high-quality bug reports on the Immunefi platform, ensuring standards for accuracy, completeness, and reproducibility, ultimately leading to faster validation and payouts.

Bug Report Checklist - essential checklist for submitting bug reports, confirming program scope, providing clear and complete descriptions, using appropriate severity classifications, and submitting valid proof of concept (PoC).

Help Center articles on bug submission - help center articles from Immunefi about bug report submissions

Assessing your bug's impact - help center articles from Immunefi on bug impact assessment

After submitting your first report and getting your first rewards, your bug bounty hunting journey continues from novice hunter to Elite. Consult our repositories and lists of previous paid reports to continue learning from the latest high-paying bug reports from bounties and Boosts.

Bugfix writeups - a repository of bugfix writeups from Immunefi and security researchers who earned rewards on Immunefi

Boost report library - a repository of reports that were paid on Immunefi Boosts

Immunefi research - A list of research made by Immunefi regarding crypto losses, hacks, and more