Join a CodeHawks Contest
Quick Start
Welcome to Cyfrin CodeHawks! Here's a comprehensive guide to getting started as an auditor and submitting your initial vulnerabilities.
1. Create an Account on CodeHawks
Begin by visiting codehawks.cyfrin.io and selecting the "sign up" button located in the top right corner.
2. Subscribe to Your First CodeHawks Competition
Navigate to the competitions page and search for contests marked as "Live" or "Upcoming."
Stay Informed About Competitions: Make sure to follow the team on Twitter and join their Discord server to receive timely announcements.
When you click on a competition, you'll access its details page containing:
- Prize pool severity breakdowns
- Start and end dates
- nSLOC and scope information
- Scoring methodology
- GitHub repository link (for active competitions)
Each contest includes documentation covering the codebase, scope, compatibility details, and setup instructions.
New competitions launch nearly every week. Once you find a suitable opportunity, click the subscribe button to participate.
3. Submit Your First Finding
After identifying a vulnerability, visit the competition page and click the "submit a vulnerability" button.
Required submission details:
- Title: A descriptive heading under 250 characters
- Severity: Rate using a likelihood and impact matrix; consult "How to Evaluate a Finding Severity" for guidance
- Description: A thorough explanation of the vulnerability and reproduction steps
4. Await Judging Results
After the auditing period concludes, "judges evaluate each submission carefully to determine its validity, severity, and overall quality."
Progress updates will appear on the platform and via Discord announcements. Learn more about "the judging process."
5. Appeal Judging Results
For 48 hours post-judging, "appeals will be accepted to contest judgments." GitHub submissions enable commenting during this window for escalation requests.
6. Get Rewarded
Upon final report release, results get announced and "payouts will be sent to the winners."
Rewards distribute as USDC via the ZKsync chain. A connected ZKsync wallet in your profile is required to receive payments.