frontpage.

I just got banned by Immunefi for reporting a real replay attack on LayerZero V2.

I discovered that lzReceive() allows infinite replays of valid cross-chain messages, due to the lack of guid tracking. This results in repeated token crediting — a critical flaw.

My PoC used real deployed contracts, no forged data. The vulnerability is 100% reproducible.

Instead of investigating, Immunefi rejected my report without a technical rebuttal — and banned me for "complexity poaching".

Full Story: https://medium.com/@tangouvitch/immunefi-banned-me-for-reporting-a-real-replay-attack-in-layerzero-v2-71d5ee0ff102

Do you think this is a valid bug? Was the ban justified? Should Immunefi be held accountable?

Curious to hear what the Ethereum community thinks.

I'm Peter Roberts, immigration attorney who does work for YC and startups. AMA

Ask HN: Any active COBOL devs here? What are you working on?

Ask HN: Will AI models over time converge into the same system?

Ask HN: What Pocket alternatives did you move to?

Ask HN: OpenAI zero'd balance (actual money, not free credits) after inactivity

Ask HN: Does anyone have OpenBSD projects looking for unpaid/paid help?

Ask HN: GCP Outage?

Ask HN: What's Your Useful Local LLM Stack?

Ask HN: Where do you guys find audiobooks?

Ask HN: How did Soham Parekh get so many jobs?

Gmail's backup codes are useless to access account

Tell HN: Notion Desktop is monitoring your audio and network

Ask HN: Changing Developer Career Specialty

Ask HN: Cursor is using 269,738 tokens to edit 1200 token file

Ask HN: Is it time to fork HN into AI/LLM and "Everything else/other?"

Ask HN: How do you find free academic/scientific material?

Ask HN: What is the state of support for mutable torrents?

I just got banned by Immunefi for reporting a real replay attack on LayerZero V2

Ask HN: How are you tracking dev productivity without feeling micromanaging?

Ask HN: Is OpenAI Acquiring Cursor?

Ask HN: How do you stay on top of AI tech?

Ask HN: What should we do about state ID legislation?

How big is carpooling market?

Google raising Nest Aware Plus pricing by 25%

Ask HN: Developer-as-a-Service?

Ask HN: What is the best way to learn 3D modeling for 3D printing?

AIHint an open standard for signed verifiable metadata readable by AI on the web

Tell HN: Humanloop acquired, sunsetting Sept 8th

I just got banned by Immunefi for reporting a real replay attack on LayerZero V2

Comments

I'm Peter Roberts, immigration attorney who does work for YC and startups. AMA

Ask HN: Any active COBOL devs here? What are you working on?

Ask HN: Will AI models over time converge into the same system?

Ask HN: What Pocket alternatives did you move to?

Ask HN: OpenAI zero'd balance (actual money, not free credits) after inactivity

Ask HN: Does anyone have OpenBSD projects looking for unpaid/paid help?

Ask HN: GCP Outage?

Ask HN: What's Your Useful Local LLM Stack?

Ask HN: Where do you guys find audiobooks?

Ask HN: How did Soham Parekh get so many jobs?

Gmail's backup codes are useless to access account

Tell HN: Notion Desktop is monitoring your audio and network

Ask HN: Changing Developer Career Specialty

Ask HN: Cursor is using 269,738 tokens to edit 1200 token file

Ask HN: Is it time to fork HN into AI/LLM and "Everything else/other?"

Ask HN: How do you find free academic/scientific material?

Ask HN: What is the state of support for mutable torrents?

I just got banned by Immunefi for reporting a real replay attack on LayerZero V2

Ask HN: How are you tracking dev productivity without feeling micromanaging?

Ask HN: Is OpenAI Acquiring Cursor?

Ask HN: How do you stay on top of AI tech?

Ask HN: What should we do about state ID legislation?

How big is carpooling market?

Google raising Nest Aware Plus pricing by 25%

Ask HN: Developer-as-a-Service?

Ask HN: What is the best way to learn 3D modeling for 3D printing?

AIHint an open standard for signed verifiable metadata readable by AI on the web

Tell HN: Humanloop acquired, sunsetting Sept 8th