FAQs

Secure3 is a Web3 security audit platform that utilizes a decentralized approach to protect the Web3 ecosystem from bugs and technical threats. With a global community of certified auditors and security experts, we provide comprehensive security solutions to safeguard every stage of your Web3 journey. Learn more here.

An audit contest is a decentralized security competition where projects sponsor rewards for auditors identifying vulnerabilities in their smart contracts, protocols, and code. Auditors compete based on the severity and uniqueness of their findings, driving comprehensive security coverage to strengthen project safety.

Learn more about how audit contests work here.

The Secure3 Audit Contest redefines traditional auditing with a decentralized, performance-driven model. Unlike centralized audits, which often face challenges like high costs, limited auditor engagement, and lack of transparency, Secure3 provides a superior solution through:

• Affordable Pricing: Flexible fees tailored to your project, avoiding the high fixed costs associated with centralized firms.

• Transparency: Full visibility into every audit stage, enabling you to track progress and verify auditors’ expertise.

• Fast Turnaround: Audits start within 24 hours, ensuring rapid and effective security coverage.

• Comprehensive Coverage: Secure3 engages 5-50x more auditors than centralized audits—more eyes, more security—bringing diverse expertise and thorough analysis to your project.

• Incentive Alignment: Performance-based rewards motivate auditors to deliver focused, high-quality results—no findings, no rewards.

• Ongoing Security Support: Post-audit assistance ensures continued security beyond the initial assessment.

By eliminating inefficiencies and prioritizing performance, Secure3 delivers audits that are faster, more transparent, and tailored to your Web3 project’s unique needs. Read more here.

The Secure3 Audit Contest is a pre-launch audit designed as the final security check before your project goes live, while Bug Bounty programs run after launch.

• Incentive Model: Secure3 rewards auditors based on performance—no findings, no rewards—ensuring auditors focus on uncovering high-value insights, while Bug Bounties often use a winner-takes-all model.

• Participation Model: Secure3 only matches certified auditors with relevant expertise to your project, ensuring quality and consistency, while Bug Bounties are open to anyone, , often resulting in varying skill levels.

• Focus of Effort: Secure3 auditors dedicate their attention to a single project at one time, providing thorough security and business analysis. In Bug Bounties, auditors juggle multiple projects, often lacking focus.

• Efficiency of Findings: Secure3 handles cross-examination and validation in-house, ensuring a quicker turnaround and actionable results.

Read more here.

You can view all our published contests here and explore our public contest reports here.

Secure3 has conducted over 200 audit contests for leading projects across various ecosystems and languages, including zkSync, Mantle, IoTeX, dappOS, Manta, Polkadot, zkLink, Neo, Merlin Chain, Aark, FBTC, OKX, Stakestone, Doodles, Shardeum, Mirror World, Aki Network, Zeek, and many more.

Please note that some contests are currently private and not publicly visible. They will be published once the hosts decide to make them available.

Based on your demand and timeline, we can kick off your audit contest in as fast as 24 hours.

Head over to this link and complete the form. Our team will get in touch with you shortly after you submit your request.

Your fixes will be verified by the Secure3 team, and we will discuss and double-check with auditors if clarification is needed.

We, along with our auditors, strictly refrain from using any AI tools that could expose project code without the project team’s explicit written consent. With permission, select in-house AI tools may be utilized to support the audit process.

However, we recognize that current AI tools cannot yet meet the quality standards for comprehensive audits, which require an understanding of business logic and in-depth security analysis.

Our strict submission policy also enforces penalties for unhelpful or automated findings to maintain the integrity of our audits.

1. A small cut will be taken by Secure3 to maintain platform operations, such as auditor screening, submission grading, and validation, fix verification, and report preparation.

2. The majority of the contest costs go to the reward pool, which will eventually distributed to all the auditors based on their performance. The reward pool is mainly determined by:

   1. Amount of the code that needs to be audited

   2. The complexity of the code, such as external dependencies

   3. The nature of the business logic - some protocols are intrinsically more vulnerable than others

   4. Contest time

   5. Number of auditors to participate in the contest

Due to high demand, we are only able to lock the audit schedule after receiving the full deposit from the projects. We are unable to make scheduling commitments otherwise.

We ensure the quality of audits through our incentive model, auditor matching, a transparent severity standard, and rigorous grading. Learn more here.

We welcome all projects to do a trial audit contest with us to experience our service firsthand. We are confident you can find value for your project. Some ways to mitigate your costs on the first try:

1. Extract an independent or standalone module for audit

2. Try a contest plan that has fewer auditors, meanwhile also do a head-to-head comparison with other auditing firms

For Secure3's returning projects:

1. We will figure out the scope for incremental audits together with you

2. For the audit contest, we will retain half of the auditors from the previous contest to ensure continuity, while the other half will be new, providing fresh insights and perspectives.

For new projects:

1. Please provide your code and your previous audit report, we will figure out the scope for incremental audits together with you

Once the contest is kicked off, we will provide you with a private portal for you to track the progress of your audit contest

You will also receive graded and consolidated weekly finding summaries if your contests last longer than 2 weeks.

To sign up as a Secure3 auditor, create your account and set up your profile. Include your performance data and relevant experience. You can also apply to become certified to gain access to private contests. Learn more about the guidelines here.

You can choose to audit individually or as part of a team; however, if you collaborate with colleagues, please ensure all findings are submitted under the same account, as different accounts will be treated as separate participants. This means your team will receive rewards as individual participants.

You need to verify grading results and file an appeal if necessary, complete the Tax Verification Process, and confirm your wallet address along with the reward amount. Learn more about the guidelines here.

Contest grading starts with an initial review from Secure3’s internal team and a secondary review from the project’s engineering team. Issue severity is assessed based on the degree of damage and the difficulty of exploitation — see our Severity Standards for more details. Secure3 values client feedback and maintains technical neutrality throughout the grading process.