<aside> <img src="/icons/barricade_purple.svg" alt="/icons/barricade_purple.svg" width="40px" />

This documentation is a work in progress, and is subject to change.

</aside>

TL;DR

• Multi-week competitive audit where submissions open and close weekly
• Sponsors get weekly access to triaged findings throughout the audit without compromising the integrity of the competition.
• Wardens get access to identified issues from previous round, an incentive to submit lower-hanging fruit earlier, and fewer duplicates overall.

Schedule

• Tuesday 20:00 UTC
  • Submissions open
  • In all but the final week, only High- and Medium-risk issues may be submitted.
• Friday 20:00 UTC
  • Submissions close
  • SR and ZR wardens are granted access to view submissions
  • Validator starts triage
• Monday 20:00 UTC
  • Sponsor receives triaged and deduped findings
  • Sponsor has until Tuesday 20:00 UTC to flag any high-risk or critical findings affecting live code; these will be kept private.
• Tuesday 20:00 UTC
  • Submissions re-open
  • Preliminary known issues are made available to everyone who submitted findings in round 1 (these are now considered known issues, and therefore out of scope)
• QA reports (Lows) only accepted during final week

How awarding works

The HM pool is divided into increasing shares as the audit progresses. Up to 30% of the HM pool is allocated for early issues, with that 30% split up across early phases and progressively increasing.

• For a two-week competition:
  • Week 1: 30% of total HM pool
  • Week 2: 70% of total HM pool
• For a three-week competition:
  • Week 1: 10% of total HM pool
  • Week 2: 20% of total HM pool
  • Week 3: 70% of total HM pool
• For a four-week competition:
  • Week 1: 5% of total HM pool
  • Week 2: 10% of total HM pool
  • Week 3: 15% of total HM pool
  • Week 4: 70% of total HM pool

If no valid HMs are found in a given week, the allocated funds for that week are redistributed among the weeks with valid findings.

Changelog: