A white hat hacker known as f4lc0n has raised concerns over a significant vulnerability he reported to the Injective team, which could have jeopardized over $500 million in user funds. According to Foresight News, the flaw allowed any user to steal funds from any on-chain account without special permissions. The issue was reported through Immunefi, and a mainnet upgrade proposal to fix the vulnerability was submitted for governance voting the following day.<\/p>\n
However, f4lc0n claims that there was no follow-up or technical discussion from the team for three months. Recently, he was informed of the team’s decision to award him $50,000, despite the maximum bounty for critical vulnerabilities being $500,000 under their program. f4lc0n expressed his disagreement with the amount and noted a lack of communication from Injective since then. He also mentioned that the $50,000 has not yet been paid.<\/p>\n
To ensure the issue remains in the public eye, f4lc0n has pledged to donate 10% of his future bug bounty earnings until he receives the compensation he believes he is owed from Injective.\u00a0<\/p>\n