The Auditing Process
Overview
Cyfrin CodeHawks employs "an innovative private and community code review process" to secure protocols. The company prioritizes both protocol security and developer experience.
Key Stages
1. Request an Audit
Teams submit requests via codehawks.com and are contacted within two days to arrange a screening call that evaluates the project.
2. Screening Interview and Code Base Assessment
CodeHawks discusses audit scope, timeline, and requirements while recommending the optimal auditing approach.
3. Pricing and Timelines
An initial assessment determines project complexity and generates a quote based on required audit duration.
4. Code Freeze
"At least 2 days before the audit starts, protocol's teams are required to send CodeHawks the final: commit, branch, known issues, contracts." A code freeze then prevents changes to ensure consistent review scope.
5. Audit Begins
For competitions, protocol teams provide dedicated Discord support via a "sponsor" role. Community managers remain available throughout.
6. Judging and Appeals
After contests conclude, security experts evaluate submissions. The appeal period allows flagging of potentially miscategorized findings.
7. Initial Report
CodeHawks delivers "a curated, de-duplicated list of all High, Medium and low-severity findings" organized for prioritization.
8. Mitigation Phase (Competitive/Private Audits Only)
Teams implement fixes within an agreed timeframe. Optional mitigation review contests verify implementations faster than initial audits.
9. Final Report
A post-fix review confirms that all reported vulnerabilities have been addressed and that the code is ready for deployment.