Wardens protect the DeFi ecosystem from threats by auditing code.
Code4rena audits let people of a wide range of skill levels get rewarded while showcasing their talent in order to make the DeFi ecosystem more secure.
✨ Stay up to date with new audits by following C4 on Twitter and joining our community Discord.
Anyone can register to participate in an audit. Register here, confirm your email address, then join our Discord to get started.
Once you've completed those verification steps, have a look at the C4 website, where you'll find a list of open and upcoming audits, along with their pool size, start and end date, and other relevant information. Active audits will typically include a link to the code repo, as well as the submission form for findings.
As a reminder, for Wardens participating in code audits, please familiarize yourself with the submission policy and judging criteria prior to participating.
To register a team, you must first log in to your Warden account, and then register your team here.
Once a team is created, you have the ability to add/remove members and update your payment address while logged in to the Code4rena website.
All team registrations and updates will create pull requests that are flagged for the C4 team to review and approve. Please allow 24-48 business hours for processing.
❗️Important note: Team awards are sent as a single payment to one wallet. We strongly recommend using a multisig wallet, or a tool like PaymentSplitter, to distribute awards among your team members. Note that C4 does not track which team member submitted each finding; your team is responsible for keeping track of that information, and distributing awards. The team structure at C4 is designed so that you submit as a team and get paid as a team.
- Most audits run for 3-7 days, and typically start and end at 20:00 UTC.
- The rest of our audit timeline is documented on the Audit timeline page.
When audit sponsors come to Code4rena for an audit, we always encourage them to provide documentation, and to make themselves available for questions, so they get the most out of their audit.
When a sponsor designates a team member who is available for questions, that person will introduce themselves in the C4 Discord (in an audit-specific channel). You may start a private thread with them if you have questions; however, please be sure to first review all documentation for the audit to ensure the answer hasn't already been provided.
Note: general questions about such topics as auditing or C4 processes should be asked in the Questions or Wardens channels in the C4 Discord, not directed to the sponsor.
- Turn in your reports before the audit end time.
- For each audit, submit your Medium and High risk findings individually.
- Bundle all of your low-risk and governance / centralization risk findings into a single QA report.
- Similarly, list all of your gas optimizations together in a single Gas report.
- Be sure to register your handle and Polygon address to receive your share.
- Publicly disclosing (e.g. publishing or discussing) any discovered bugs or vulnerabilities before the audit report has been published is grounds for disqualification from all C4 events.