Audit Contest Process

Pre-Contest Phase:

  • Auditors can express their interest in the audit contest through the app.

  • AuditOne will create a private GitHub repository individually for each interested auditor within 24 hours, equipped with an issue template and labels for contributing to the audit contest.

  • Note: Auditors with a repository can start contributing to issues in existing repositories.

  • Only the AuditOne audit team and the respective auditor can access the private repository. AuditOne will provide a link to the repository within the app.

Contest Phase:

  • During the contest period, auditors work individually within their private repositories to identify and document vulnerabilities. They must use the provided issue template and labels to categorize vulnerabilities based on severity.

Post-Contest Phase:

  • After the contest period ends, all the documented issues are transferred to a central review repository.

  • Judges at AuditOne evaluate these issues to determine their validity and severity.

  • After the issues have been reviewed, the project team is given access and time to resolve them.

  • Bounties will be paid out for all validated issues. AuditOne will process bounty payments in the weeks after the audit contest concludes.

  • Auditors participating in the Aurora bug bounty must provide an AURORA address to receive their bounty payments, which will be in USD equivalent based on the exchange rate on the transfer day. For all other bounties, auditors can provide any EVM-compatible wallet address for their payments.

Last updated