bug-bounty

Solid

Bug bounty program management and security disclosure expertise for smart contracts. Covers program setup on Immunefi, vulnerability triage, responsible disclosure coordination, bounty payments, and post-disclosure analysis.

AI & Automation 814 stars 53 forks Updated today MIT


Quality Score: 95/100

Stars (20%): 97
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Bug Bounty/Security Disclosure Skill

Expert management of bug bounty programs and responsible security disclosure for blockchain protocols.

## Capabilities

- **Program Setup**: Configure bug bounty programs on Immunefi and other platforms
- **Scope Definition**: Define assets, severity tiers, and exclusions
- **Vulnerability Triage**: Assess and validate security reports
- **Responsible Disclosure**: Coordinate disclosure timelines and communications
- **Bounty Management**: Calculate and process bounty payments
- **Post-Disclosure**: Conduct post-mortem analysis and lessons learned

## MCP/Tool Integration

| Tool | Purpose | Reference |
|------|---------|-----------|
| **Trail of Bits Skills** | Security analysis, property testing | [building-secure-contracts](https://github.com/trailofbits/skills) |
| **Slither MCP** | Static analysis for validation | [slither-mcp](https://github.com/trailofbits/slither-mcp) |
| **Phalcon MCP** | Transaction analysis | [phalcon-mcp](https://github.com/mark3labs/phalcon-mcp) |

## Bug Bounty Program Setup

### Immunefi Program Structure

```yaml
program:
  name: "Protocol Name"
  website: "https://protocol.xyz"
  assets:
    smart_contracts:
      - type: "Smart Contract"
        target: "0x..."
        severity: "Critical"
    websites:
      - type: "Web Application"
        target: "https://app.protocol.xyz"
        severity: "High"
  severity_levels:
    critical:
      range: "$100,000 - $1,000,000"
      description: "Direct t...
```

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
