# FAQ Hackers

<details>

<summary>How to participate?</summary>

Sign up to [app.auditone.io](https://app.auditone.io/). Complete KYC and qualify for the exam, if required.

</details>

<details>

<summary>Am I eligible for participation?</summary>

Any white hat hacker that follows the [General rules and regulations](/platform/bug-bounty/general-rules-and-regulations.md) and adheres to the [Code of Conduct](/platform/bug-bounty/code-of-conduct.md) is eligible to participate. \
\
Some projects require hackers to have completed a **KYC** to participate.

You must sign up to the AuditOne platform to be able to submit reports.

You must not be on any sanctions lists or reside in countries on sanctions lists (e.g., North Korea, Iran, etc.).

</details>

<details>

<summary>How to submit a report?</summary>

Open our app and navigate to the section ‘submit report’. You will find it in the bug bounty tab.

</details>

<details>

<summary>What should a good vulnerability submission look like?</summary>

Good vulnerability submission should have a detailed explanation of how one can exploit and impact on smart contracts. Steps to reproduce to validate the vulnerability and proof of concept, Recommendations to fix is a good submission.

</details>

<details>

<summary>How are bounties paid out?</summary>

On submission, there will be two reviews - one by AuditOne and the next by the project. If both the reviews are cleared, and the project fixes the issue. The bounty will be released.

</details>

<details>

<summary>Can I disclose found bugs to the public?</summary>

No. Auditors are not allowed to disclose bugs in public at any point in time until Auditone or Project publishes it to the community. Publicly disclosing a vulnerability before it's resolved makes it ineligible for a bounty.

</details>

<details>

<summary>I submitted a bug but didn’t hear back.</summary>

Sometimes, reviews may take additional time due to the unavailability of a concerned person at AuditOne or Project. You can DM us on Discord (@adrien\_re) or check the current status of the review on the AuditOne platform. Our triage team takes higher priority for Critical and High over Low issues.&#x20;

</details>

<details>

<summary>Can I contact the project directly about the bugs I found?</summary>

No. You may not be eligible for the bounty if you contact the project directly. As per our agreement with the projects, all submissions about bugs in the bug bounty scope must be submitted through the AuditOne platform.

</details>

<details>

<summary>Can I edit my bug report after submission?</summary>

No. You must submit a new report.

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.auditone.io/platform/bug-bounty/faq-hackers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.