How to Write and Submit a Finding
How to Write and Submit a Finding with CodeHawks
At CodeHawks, ensuring a streamlined and standardized process for reporting vulnerabilities is of utmost importance. This ensures your submissions are explained with clarity, facilitates fair judging, and results in a safer blockchain ecosystem.
All finding submissions are handled directly through the CodeHawks web platform to ensure a simple and streamlined process.
How to format your finding report
When documenting a finding, adhere to the following structure:
Report Format for different findings severity
Once you've determined the severity of your finding follow the following report format:
Medium or High Severity Findings: Submit individually.
Low Findings (Low risk or Non-critical): Compile into a single report per auditor or team.
For an in-depth understanding on assessing risk, refer to our how to evaluate a finding severity guide
Burden of Proof
The responsibility to validate the findings rests with the auditors. A detailed explanation and justification of the potential impact are crucial for a top-quality submission. The depth of the proof required correlates with the potential value of the submission.
An insufficient proof is when a judge needs to invest additional time in research or coding to verify the claims made in the submission. It's highly recommended to provide a coded proof of concept (POC) for your findings. This aids the judges immensely in verifying your claims swiftly and accurately.
Submissions deemed to lack sufficient evidence may risk invalidation.
Refer to our How to create a PoC guide to learn how to get the most our of your reports.
Last updated