Bug Fix: SPF Issue (Bug Bounty)

SPF Vulnerability Is PATCHED

Bug Patching

I have reported a security misconfiguration vulnerability in SPF:

About the issue: There is no TXT record in the DNS zone that defines a Sender Policy Framework entry for the domain https://honeyswap.org/

Issue reported on: 3/18/25, 9:20 PM
Patched on: 3/19/25, 8:44 AM by Paul

Funding Information (Bug Bounty)

Amount of 610 USDT requested:

Ethereum ERC USDT address: 0xA8D2CEAaC1A37a4054656966999998c9aB4078C0

Funding Information

  • Requested Amount: Approximately 95 HNY (~$610, based on a $6.46 per HNY redemption rate)
    • $421k USD value of Council Safe on Gnosis Chain
    • 65 606 total supply of Honey
  • Source of Funds: The amount will be sourced from the treasury through redemption, ensuring proper allocation without impacting long-term reserves.
  • Beneficiary of proposal is treasury: 0xc6c2E9EFB898A42DB4137B07b727b45e0C353d81
  • Ethereum Address for Fund Transfer after redemption: 0xC18BCB1566F43BABbd036B6E7B760d4c3d41916d

More details about the vulnerability are in the 1hive Discord server: Discord
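The report above boils down to one DNS check: whether the zone publishes a TXT record beginning with `v=spf1`, and, if it does, whether that policy actually rejects unauthorised senders. The following script is an added example written for this page (it is not code from the proposal, from the reporter, or from 1hive). It takes the TXT strings of a zone as plain Python lists, so it runs offline; the zone names and records it carries are constructed for illustration and are not the real records of any domain named in this thread. The checks it applies (exactly one SPF record, an `all` mechanism with a non-passing qualifier, at most 10 DNS-lookup terms) are the RFC 7208 rules a mail receiver evaluates.

```python
"""Offline SPF policy assessment over a zone's DNS TXT strings.

Added example, not code from the proposal or from 1hive. The TXT strings in
CONSTRUCTED_ZONES are made up for illustration. In practice the strings come
from a resolver, e.g. `dig +short TXT <domain>` or dnspython's
dns.resolver.resolve(<domain>, "TXT").
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class SpfAssessment:
    domain: str
    records: list[str] = field(default_factory=list)   # every "v=spf1 ..." TXT string
    findings: list[str] = field(default_factory=list)  # empty when the policy looks sound

    @property
    def ok(self) -> bool:
        return not self.findings


def _is_lookup_term(term: str) -> bool:
    """True for mechanisms/modifiers that cost a DNS query (RFC 7208 caps them at 10)."""
    t = term.lower().lstrip("+-~?")
    name = t.split(":", 1)[0].split("/", 1)[0]  # "a:host/24" -> "a", "mx" -> "mx"
    return name in ("a", "mx", "ptr") or t.startswith(("include:", "exists:", "redirect="))


def assess_spf(domain: str, txt_records: list[str]) -> SpfAssessment:
    """Locate the SPF record(s) among a zone's TXT strings and list weaknesses."""
    spf = [r.strip() for r in txt_records
           if r.split() and r.split()[0].lower() == "v=spf1"]
    result = SpfAssessment(domain, spf)

    if not spf:
        # The situation the report describes: receivers have no policy to check against.
        result.findings.append("no SPF record: receivers cannot tell forged mail "
                               "from genuine mail for this domain")
        return result
    if len(spf) > 1:
        result.findings.append(f"{len(spf)} SPF records published; RFC 7208 requires "
                               "exactly one (more than one yields permerror)")

    for rec in spf:
        terms = rec.split()[1:]
        lookups = sum(1 for t in terms if _is_lookup_term(t))
        if lookups > 10:
            result.findings.append(f"{lookups} DNS-lookup terms; RFC 7208 limits a policy "
                                   "to 10 (evaluation yields permerror)")
        all_terms = [t for t in terms if t.lower().lstrip("+-~?") == "all"]
        has_redirect = any(t.lower().startswith("redirect=") for t in terms)
        if not all_terms:
            if not has_redirect:
                result.findings.append("no 'all' mechanism: unmatched senders get a neutral "
                                       "result, so forged mail is not rejected")
            continue
        qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
        if qualifier == "+":
            result.findings.append("'+all' (or bare 'all'): every sender passes, "
                                   "which is no protection at all")
        elif qualifier == "?":
            result.findings.append("'?all': neutral result, receivers treat it like no policy")
        # "~all" (softfail) and "-all" (fail) are acceptable; "-all" is the strict choice.
    return result


# Constructed zones (hypothetical names and records, not real DNS data).
CONSTRUCTED_ZONES: dict[str, list[str]] = {
    "missing.example": ["google-site-verification=abc123"],
    "weak.example": ["v=spf1 include:_spf.mail.example +all"],
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all"],
}


def assess_all(zones: dict[str, list[str]] = CONSTRUCTED_ZONES) -> dict[str, SpfAssessment]:
    return {domain: assess_spf(domain, recs) for domain, recs in zones.items()}


if __name__ == "__main__":
    for domain, a in assess_all().items():
        status = "OK" if a.ok else "FINDING"
        print(f"{status:8} {domain}: {'; '.join(a.findings) or a.records[0]}")
```

Running it prints one line per constructed zone: the zone without any `v=spf1` string is flagged exactly as in the report, the `+all` policy is flagged as offering no protection, and the `-all` policy passes. Swap the constructed lists for the TXT strings returned by a resolver to assess a real zone.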

I feel this one should NOT be paid; we can only cover the contract part.

Last time, wall and I made only contracts eligible to be paid, due to the risk.

We believed anything else could be gamed; also, there is always going to be a bug somewhere!

Thank you for helping, but this should be voted out IMO.


Yeah, this is very edgy. There is some precedent of a bounty paid for a non-contract vuln (Email Spoofing Vulnerability Payout); it's just a case-by-case policy. The exploitable risk here was to spoof official email to Honeyswap users as [email protected]. Once he revealed the vuln, we decided to fix it on our end, so we basically accepted the bounty transaction by doing that, and for the credibility of 1hive we decided to proceed with the ~$600 payment to him. I would like it to be a democratic decision, but for obvious reasons we cannot really disclose this problem in a more public chat.

But I would totally understand if this proposal ends up being challenged; that is where the democratic effect would apply. We just need to be aware that it could create a precedent of non-paid but fixed bounties, even if it's not covered by the official bounty policy (which might need a refresh).

I was waiting a little bit for any other answers from the community, but I will push it to be executed while leaving time to dispute it (~9 days).