search

trophyParticipate in audits

hashtag
Join an audit

To join an audit, navigate to the audit page and click the Join audit button.

Joining the audit will reveal the available details.

Once you've joined the audit, you'll be able to see the available details, including links to view the audit repo and submit findings.

hashtag
Audit access

  • Most Code4rena audits are open and public.

  • Some audits have special requirements and limited access. Details are normally posted in the #rsvp channel in the Code4rena Discord server.

  • Private audits show "Audit details are not available," with an explanation.

hashtag
Making submissions

  • To submit a finding, join the relevant audit, and a Submit finding button will appear.

  • Click this button to access the submission form.

The submission form fields will vary depending on the Severity rating you select.
circle-info

Each warden has a limited number of submissions per audit; see "Submission limits based on signal" for more details.

hashtag
Required information

Severity rating (required)

  • Select from dropdown: High severity, Medium severity, QA (Quality Assurance)

  • High and Medium severity require additional fields (root cause links and Proof of Concept)

  • Severity selection determines the structure of your submission

  • Review Code4rena's severity categorization guidearrow-up-right for detailed criteria

Title (required)

  • Maximum 255 characters

  • Summarize your findings for the bug or vulnerability

  • This becomes the issue title, and should be clear and descriptive

Links to root cause (required for High/Medium risk submissions)

  • Provide GitHub links with specific line numbers to the vulnerability location

  • Format: https://github.com/code4rena/project/file.sol#L44-L55

  • Use "Add another link" to reference multiple code sections

Vulnerability details (required)

  • Add your submission details in Markdown. The editor includes a Preview tab

  • The template provided is merely intended as guidance about what types of details to include in your submission:

    • ## Finding description and impact - include a detailed explanation of the root cause and impact(s)

    • ## Recommended mitigation steps - describe the best method(s) to mitigate the finding

  • The editor supports full markdown formatting and math notation.

Proof of Concept (PoC) (Optional but often required for Solidity/EVM audits)

hashtag
Before submitting:

  1. Review requirements - Check the audit repository and submission guidelinesarrow-up-right for specific requirements

  2. Verify links - ensure all GitHub links point to correct line numbers

  3. Use Preview - Review formatting and clarity with the Preview tab

  4. Check policies - Review the code of conduct and submission policy (both linked from the submission form)

hashtag
Viewing your submissions

circle-exclamation

At present, only your audit submissions are shown on the "Submissions" screen. Bounty submissions cannot be viewed in-app; see "Tracking progress on [bounty] submissions."

There are two ways to access your submissions to audits:

  1. Navigate to "Submissions" in the main menu to view all your submissions across every audit you've participated in. This centralized dashboard helps you track your entire Code4rena submission history. From the "Submissions" page, scroll to the relevant audit, click the Expand toggle, then select the submission you want to view.

  2. From the Audits page, select the relevant audit, then select the appropriate option depending on the audit's current phase:

    1. During the submission (Active) phase, click the Your Findings tab to view your submissions

    2. After submissions close, click View dashboard to view all submissions to the audit, including your own. (The dashboard is documented here.)

The "Submissions" tab displays a list of audits you've submitted to.
Expanding an audit in the list shows all of your submissions to that audit.
To view all of your submissions to an audit, you can also navigate to that audit's page and select the "Your Findings" tab.
circle-info

Note: Judges are permitted to edit submission titles for clarity, so your submission may appear with an altered title.

hashtag
Editing submissions

circle-info

Submissions can only be edited or withdrawn within 2 hours of creation.

Click on any submission card showing a clock icon to enter the editing mode.

During the two-hour submission window, clicking into a submission will allow you to edit or withdraw your submission.

Your submissions will display a countdown to show how long you have left to make changes.

You will also see a countdown on the editing screen. The edit interface uses the same form layout as creating new submissions, with all your original content pre-populated.

hashtag
Edit interface features

  • Same form fields - All original submission fields (title, severity, root cause links, vulnerability details, PoC) are editable

  • Edit/Preview tabs - Full markdown editing capabilities with preview functionality

  • Precise deadline warning - Blue notification shows exact deadline (e.g., "you must submit your changes or withdraw your submission by 3:33 PM (in 119 minutes 11 seconds)")

hashtag
Available actions

At the bottom of the edit screen, you'll see three action buttons:

  • Undo changes - Revert all modifications back to the original submission content

  • Withdraw submission - Permanently remove the submission from the audit (cannot be undone)

  • Save submission - Update the submission with your changes

PreviousPlatform guide for wardensNextSponsor Q&A

Last updated

Was this helpful?