Joining competitions and bounties
Code4rena audits let people of a wide range of skill levels get rewarded while showcasing their talent in order to make the DeFi ecosystem more secure.
Stay up to date with new audits by following C4 on Twitter and joining our community Discord.
Joining an audit
Anyone can register to participate in an audit. Register here, confirm your email address, then join our Discord so you can keep up with important announcements about C4 audits and bounties.
Once you've completed those verification steps, visit the C4 website, where you'll find a list of open and upcoming audits, along with their pool size, start and end date.
To view specific audit details and other relevant information, click the "Join audit" button. Once the audit launches, the audit page will typically include links to the code repo, and to the finding submission form.
Please familiarize yourself with the submission policy, submission guidelines, and judging criteria prior to participating.
If you have questions during an audit
General questions about auditing or Code4rena processes should be asked in the #questions or #wardens channels in the C4 Discord, not directed to the sponsor.
If you have questions about a specific audit:
Check the audit repo for links to documentation
Most audits also have Code4rena's Documentation Bot enabled; the bot allows wardens to query the bot for information embedded within the project docs. Instructions for using the bot are shared in the audit channel in the C4 Discord server.
When a sponsor designates a team member who is available for questions, you will see a "Q&A" tab on the audit page. If this option is active, you may open a private thread with them to ask questions. However, please be sure to first review all documentation for the audit to ensure the answer hasn't already been provided.
We always encourage sponsors to share any available documentation, and make themselves available for questions, so they get the most out of their audit.
How can I confirm that Code4rena has received my submission?
Simply head over to the specific audit page and navigate to the Your Submissions tab (located to the right of Details). If you see your issue listed, then it has been received by the C4 team.
Can I edit my findings post-submission?
Yes! Go to the Your Submissions tab (located to the right of Details) on the specific audit page and open the submission, make edits and submit changes. This option is only available for 2 hours after you submit, however; after that, it will be locked in for judging.
I submitted a finding but then realized it was invalid. Do I need to contact Code4rena?
While the audit is still active, you can go to the Your Findings tab (located to the right of Details) on the specific audit page and open the finding. There you will see an option to Withdraw the finding.
⏩ TL;DR
Turn in your reports before the submission deadline.
For each audit, submit your Medium and High risk findings individually.
Bundle all of your low-risk and governance / centralization risk findings into a single QA report.
Be sure to register your username and wallet address to participate.
Watch the C4 Discord for award announcements -- if your username is among the winners, submit your tax information within 30 days to receive your awards.
Publicly disclosing (e.g. publishing or discussing) any discovered bugs or vulnerabilities before the audit report has been published is grounds for disqualification from all C4 events.
Last updated
Was this helpful?