FAQs

Find answers to your most common questions and get the support you need

General

What is Secure3?

Secure3 is a Web3 security audit platform that utilizes a decentralized approach to protect the Web3 ecosystem from bugs and technical threats. With a global community of certified auditors and security experts, we provide comprehensive security solutions to safeguard every stage of your Web3 journey. Learn more here.

What is an audit contest?

An audit contest is a decentralized security competition where projects sponsor rewards for auditors identifying vulnerabilities in their smart contracts, protocols, and code. Auditors compete based on the severity and uniqueness of their findings, driving comprehensive security coverage to strengthen project safety.

Learn more about how audit contests work here.

How is Secure3 different from other audits?

Secure3 takes a unique approach by prioritizing transparent and incentive-based auditor alignment. Rather than a traditional audit setup, we use a decentralized model where auditors are rewarded directly based on the quality and impact of their findings. This structure motivates auditors to conduct thorough and highly focused assessments, tailored specifically to each project’s needs.

By providing top security experts with competitive rewards, Secure3 can attract specialized talent without the overhead costs often seen in conventional firms. Our transparent approach also allows project teams to see and verify the expertise of their audit contributors, helping ensure a higher and more consistent audit quality.

Discover more on how Secure3’s approach provides enhanced transparency and customized security solutions tailored to your project’s needs here.

What contests has Secure3 held before?

You can view all our published contests here and explore our public contest reports here.

Secure3 has conducted over 200 audit contests for leading projects across various ecosystems and languages, including zkSync, Mantle, IoTeX, dappOS, Manta, Polkadot, zkLink, Neo, Merlin Chain, Aark, FBTC, OKX, Stakestone, Doodles, Shardeum, Mirror World, Aki Network, Zeek, and many more.

Please note that some contests are currently private and not publicly visible. They will be published once the hosts decide to make them available.

Project

How soon can I start my audit with Secure3?

Based on your demand and timeline, we can kick off your audit contest in as fast as 24 hours.

How can I request an audit for my project with Secure3?

Head over to this link and complete the form. Our team will get in touch with you shortly after you submit your request.

Do auditors check the fixes?

Your fixes will be verified by the Secure3 team, and we will discuss and double-check with auditors if clarification is needed.

Does Secure3 utilize AI or automated tools to audit?

We, along with our auditors, strictly refrain from using any AI tools that could expose project code without the project team’s explicit written consent. With permission, select in-house AI tools may be utilized to support the audit process.

However, we recognize that current AI tools cannot yet meet the quality standards for comprehensive audits, which require an understanding of business logic and in-depth security analysis.

Our strict submission policy also enforces penalties for unhelpful or automated findings to maintain the integrity of our audits.

How's the audit contest cost structured and determined?
  1. A small cut will be taken by Secure3 to maintain platform operations, such as auditor screening, submission grading, and validation, fix verification, and report preparation.

  2. The majority of the contest costs go to the reward pool, which will eventually distributed to all the auditors based on their performance. The reward pool is mainly determined by:

    1. Amount of the code that needs to be audited

    2. The complexity of the code, such as external dependencies

    3. The nature of the business logic - some protocols are intrinsically more vulnerable than others

    4. Contest time

    5. Number of auditors to participate in the contest

Due to high demand, we are only able to lock the audit schedule after receiving the full deposit from the projects. We are unable to make scheduling commitments otherwise.

How do you ensure the quality of the audit?

We ensure the quality of audits through our incentive model, auditor matching, a transparent severity standard, and rigorous grading. Learn more here.

What options are available to try Secure3 audit contests at a lower cost?

We welcome all projects to do a trial audit contest with us to experience our service firsthand. We are confident you can find value for your project. Some ways to mitigate your costs on the first try:

  1. Extract an independent or standalone module for audit

  2. Try a contest plan that has fewer auditors, meanwhile also do a head-to-head comparison with other auditing firms

How does Secure3 handle feature updates and incremental audits?

For Secure3's returning projects:

  1. We will figure out the scope for incremental audits together with you

  2. For the audit contest, we will retain half of the auditors from the previous contest to ensure continuity, while the other half will be new, providing fresh insights and perspectives.

For new projects:

  1. Please provide your code and your previous audit report, we will figure out the scope for incremental audits together with you

Where can I track my audit progress?

Once the contest is kicked off, we will provide you with a private portal for you to track the progress of your audit contest

You will also receive graded and consolidated weekly finding summaries if your contests last longer than 2 weeks.

Auditor

How do I sign up to become a Secure3 auditor?

To sign up as a Secure3 auditor, create your account and set up your profile. Include your performance data and relevant experience. You can also apply to become certified to gain access to private contests. Learn more about the guidelines here.

Can I work with my friend as a team?

You can choose to audit individually or as part of a team; however, if you collaborate with colleagues, please ensure all findings are submitted under the same account, as different accounts will be treated as separate participants. This means your team will receive rewards as individual participants.

How do I get my rewards?

You need to verify grading results and file an appeal if necessary, complete the Tax Verification Process, and confirm your wallet address along with the reward amount. Learn more about the guidelines here.

How does the contest grading work?

Contest grading starts with an initial review from Secure3’s internal team and a secondary review from the project’s engineering team. Issue severity is assessed based on the degree of damage and the difficulty of exploitation — see our Severity Standards for more details. Secure3 values client feedback and maintains technical neutrality throughout the grading process.

If you have any more questions, feel free to follow us on X and join our Discord for the latest updates and support.

Last updated