Cyfrin

What is a Competitive Audit

Overview

A smart contract security auditing competition is a crowdsourced approach in which specialized security researchers (called Hawks) examine codebases to identify vulnerabilities, inefficiencies, and potential issues. Participants submit their discoveries and receive compensation based on the "validity, quality, and severity" of their findings.

The platform encourages participation by noting: "Don't want to miss any of our competition announcements? Make sure to follow us on Twitter and join our Discord server!"

Seven-Phase Competition Structure

1. Competition Announcement

The initial phase introduces the upcoming audit, detailing which smart contracts will be reviewed. Newcomers can reference the quick start guide for submission procedures.

2. Kick-Off (48 hours)

The official launch period begins, during which participants access the contract repository and commence vulnerability hunting. Submissions are processed through the web portal's contest page. Auditors may also raise concerns about code, scope, or contest specifics during this window.

3. Auditing

Security professionals conduct in-depth analysis to uncover bugs and recommendations. This time-bound phase ensures competitive fairness, with duration primarily determined by codebase size.

4. Judging

The Cyfrin team or appointed judges review submissions, validate findings, rank them by severity, and prepare for appeals.

5. Appeals (48 hours)

Participants can challenge judging decisions, promoting transparency and fairness.

6. Rewards

Final results are announced with compensation distributed based on finding quality and significance. "Payouts are distributed within 72 hours of the escalation period's closure and are currently paid in USDC on ZKsync."