What is a Competitive Audit?

This is the initial phase in which we announce the upcoming competition, detailing the smart contract(s) to be audited.

Learn how to subscribe and submit your first vulnerability following the quick start guide.

This is the official start of the competition, and it will last 48 hours. From now on, participants can access the contract repo on the contests page and begin looking for bugs, issues, and vulnerabilities. Findings can be submitted through the contest page on the web portal.

During the kick-off period, auditors can also raise issues with the codebase, the scope, or any other contest's details.

Auditors delve deep into the provided smart contract(s), using their expertise to uncover vulnerabilities, inefficiencies, and other issues and recommendations. In the next phase, these findings are submitted to judges for assessment.

This period is time-bound, ensuring a level playing field.

The time allotted for a competition is determined mainly by the size of the audited code base.

Once the auditing period concludes, the community judging period will start, followed by the lead judging period, during which the Cyfrin CodeHawks team or appointed judges will review the submissions. This will validate the findings, rank them based on severity, and prepare for the appeals phase.

The length of this period is primarily determined by the number of submissions received.

For 48 hours after the initial judging, auditors can raise concerns and appeals about the decisions made during the judging phase. This window allows the community to ensure transparency and fairness.

After addressing escalations, the final results are announced, and rewards are distributed to auditors based on the quality and significance of their findings.

Payouts are distributed within 72 hours of the escalation period's closure and are currently paid in USDC on ZKsync.