FAQ Hackers
How to participate?
Sign up to app.auditone.io. Complete KYC and qualify for the exam, if required.
Am I eligible for participation?
Any white hat hacker that follows the General rules and regulations and adheres to the Code of Conduct is eligible to participate. Some projects require hackers to have completed a KYC to participate.
You must sign up to the AuditOne platform to be able to submit reports.
You must not be on any sanctions lists or reside in countries on sanctions lists (e.g., North Korea, Iran, etc.).
How to submit a report?
Open our app and navigate to the section βsubmit reportβ. You will find it in the bug bounty tab.
What should a good vulnerability submission look like?
Good vulnerability submission should have a detailed explanation of how one can exploit and impact on smart contracts. Steps to reproduce to validate the vulnerability and proof of concept, Recommendations to fix is a good submission.
How are bounties paid out?
On submission, there will be two reviews - one by AuditOne and the next by the project. If both the reviews are cleared, and the project fixes the issue. The bounty will be released.
Can I disclose found bugs to the public?
No. Auditors are not allowed to disclose bugs in public at any point in time until Auditone or Project publishes it to the community. Publicly disclosing a vulnerability before it's resolved makes it ineligible for a bounty.
I submitted a bug but didnβt hear back.
Sometimes, reviews may take additional time due to the unavailability of a concerned person at AuditOne or Project. You can DM us on Discord (@adrien_re) or check the current status of the review on the AuditOne platform. Our triage team takes higher priority for Critical and High over Low issues.
Last updated