RE: SPS Governance Proposal - Pay Bug Bounty to louis88

in #spsproposal · 5 days ago

It seems people misunderstood. The post from louis88 they are referring to talks about a totally different vulnerability. He wrote about a vulnerability that could affect anyone who simply visits the site, probably a minor vulnerability like an IP leak.

The one he is asking the bug bounty for is a very critical one. He got access to 1.2B SPS tokens in the validator software. Imagine if a malicious hacker had access to that amount of tokens, they could have drained the whole SPS liquidity pool and dropped the price to zero.

Also, people are using penetration test prices as a reference, which is wrong. A penetration test is paid hourly, whether they find a vulnerability or not. In bug bounty the work is done for free, and payment is only made if a valid vulnerability is found.

ooooooh okay, thanks for clarifying that!

Thank you for the clarification; the situation is now clearer. That said, my original concern remains: this matter should have been handled privately. Publicly announcing the discovery of a vulnerability in a well-known Hive "platform" can inadvertently draw attention to the broader Hive ecosystem and increase risk.

One could also argue that heightened focus on Hive-related platforms may encourage additional vulnerability research by malicious actors. While bridge infrastructure is generally understood to be a common attack surface, the recent Hive Engine bridge incident underscores the importance of responsible disclosure. It also raises the broader question of how many other undiscovered vulnerabilities may still exist across the Hive ecosystem...