The Auditing process
Ensuring the security of protocols and their users is our top priority; making the process as smooth as possible for developers and protocol teams is our second.
On this page you'll learn what your journey to securing your code base will look like and what you'll need to ensure full coverage of your protocol.
Here's how our auditing process looks:
Our team will get back to you within two days to organise a screening call and assess the properties of your project and code base.
The CodeHawks team will reach out to you to discuss your audit scope, expected timeline, and requirements necessary to initiate an audit. Additionally, they will provide recommendations on the ideal auditing path to take.
The CodeHawks team will conduct an initial assessment of your code base and project, and provide you with a quote based on the length of time required for the audit and its complexity.
At least 2 days before the audit starts, protocol teams are required to send CodeHawks the final:
- known issues
After that, a code freeze is required to establish a standard. This means that everyone will be looking at the same code for the entire duration of the audit.
Please note that this includes your own repository as a pull request can leak alpha information to our community.
Each member will be given a special "sponsor" role to make sure you're recognisable.
In any case, our community managers will always be available to help you through the process and answer auditors' questions.
Immediately after the audit contest ends, the judging phase commences. The duration of the judging contest varies depending on the number of issues submitted. During this phase, security experts thoroughly evaluate the submissions. Once the judging phase is complete, the Appeal period begins. In this stage, security experts have the opportunity to flag any issues they believe were not categorized correctly during the initial judging, seeking a second opinion. To know more about the Appeal period you can refer to this guide.
A day or so after the appeal period ends, the CodeHawks team will compile and meticulously organize a curated, de-duplicated list of all High, Medium and Low-severity findings for your team. This compilation will enable your team to effectively prioritize and address these critical vulnerabilities.
First, our teams will agree on a suitable time frame to tackle these issues.
Once we've set the time, your team can start implementing the necessary fixes in your code base. It's crucial to ensure that these vulnerabilities are addressed promptly and effectively to enhance the security of your systems.
Additionally, you may opt for a Mitigation Review Contest, following your initial audit to verify your implementations. These are much faster than the initial audit phase!
Through these steps, you'll be sure to strengthen your code and safeguard your applications against potential threats.
After the post-fix review, our team will meticulously review your code once more to compile a detailed final report, ensuring all the fixes have been implemented and your code is ready to be shipped.