How to Write and Submit a Finding
At CodeHawks, ensuring a streamlined and standardized process for reporting vulnerabilities is of utmost importance. This ensures your submissions are explained with clarity, facilitates fair judging, and results in a safer blockchain ecosystem.
When documenting a finding, adhere to the following structure:
## Summary
(Provide a brief overview of the vulnerability.)
## Vulnerability Details
(Delve deep and elaborate on the identified issue, including where it exists in the codebase.)
## Impact
(Describe the potential consequences of this vulnerability. How could it harm the protocol or users?)
## Tools Used
(List any tools or software that aided in the identification of the vulnerability.)
## Recommended Mitigation
(Suggest ways to resolve or mitigate the identified vulnerability.)
- Medium or High Severity Findings: Submit individually.
- Low Findings (Low risk or Non-critical): Compile into a single report per auditor or team.
The responsibility to validate the findings rests with the auditors. A detailed explanation and justification of the potential impact are crucial for a top-quality submission. The depth of the proof required correlates with the potential value of the submission.
A proof is insufficient when a judge needs to invest additional time in research or coding to verify the claims made in the submission. It is highly recommended to provide a coded proof of concept (PoC) for your findings, as this helps the judges verify your claims swiftly and accurately.
Submissions deemed to lack sufficient evidence may risk invalidation.