FAQs

Secure3 is a Web3 security audit platform that utilizes a decentralized approach to protect the Web3 ecosystem from bugs and technical threats. With a global community of certified auditors and security experts, we provide comprehensive security solutions to safeguard every stage of your Web3 journey. Learn more here.

An audit contest is a decentralized security competition where projects sponsor rewards for auditors identifying vulnerabilities in their smart contracts, protocols, and code. Auditors compete based on the severity and uniqueness of their findings, driving comprehensive security coverage to strengthen project safety.

Learn more about how audit contests work here.

Secure3 takes a unique approach by prioritizing transparent and incentive-based auditor alignment. Rather than a traditional audit setup, we use a decentralized model where auditors are rewarded directly based on the quality and impact of their findings. This structure motivates auditors to conduct thorough and highly focused assessments, tailored specifically to each project’s needs.

By providing top security experts with competitive rewards, Secure3 can attract specialized talent without the overhead costs often seen in conventional firms. Our transparent approach also allows project teams to see and verify the expertise of their audit contributors, helping ensure a higher and more consistent audit quality.

Discover more on how Secure3’s approach provides enhanced transparency and customized security solutions tailored to your project’s needs here.

You can view all our published contests here and explore our public contest reports here.

Secure3 has conducted over 200 audit contests for leading projects across various ecosystems and languages, including zkSync, Mantle, IoTeX, dappOS, Manta, Polkadot, zkLink, Neo, Merlin Chain, Aark, FBTC, OKX, Stakestone, Doodles, Shardeum, Mirror World, Aki Network, Zeek, and many more.

Please note that some contests are currently private and not publicly visible. They will be published once the hosts decide to make them available.

Based on your demand and timeline, we can kick off your audit contest in as fast as 24 hours.

Head over to this link and complete the form. Our team will get in touch with you shortly after you submit your request.

Your fixes will be verified by the Secure3 team, and we will discuss and double-check with auditors if clarification is needed.

We, along with our auditors, strictly refrain from using any AI tools that could expose project code without the project team’s explicit written consent. With permission, select in-house AI tools may be utilized to support the audit process.

However, we recognize that current AI tools cannot yet meet the quality standards for comprehensive audits, which require an understanding of business logic and in-depth security analysis.

Our strict submission policy also enforces penalties for unhelpful or automated findings to maintain the integrity of our audits.

1. A small cut will be taken by Secure3 to maintain platform operations, such as auditor screening, submission grading, and validation, fix verification, and report preparation.

2. The majority of the contest costs go to the reward pool, which will eventually distributed to all the auditors based on their performance. The reward pool is mainly determined by:

   1. Amount of the code that needs to be audited

   2. The complexity of the code, such as external dependencies

   3. The nature of the business logic - some protocols are intrinsically more vulnerable than others

   4. Contest time

   5. Number of auditors to participate in the contest

Due to high demand, we are only able to lock the audit schedule after receiving the full deposit from the projects. We are unable to make scheduling commitments otherwise.

We ensure the quality of audits through our incentive model, auditor matching, a transparent severity standard, and rigorous grading. Learn more here.

We welcome all projects to do a trial audit contest with us to experience our service firsthand. We are confident you can find value for your project. Some ways to mitigate your costs on the first try:

1. Extract an independent or standalone module for audit

2. Try a contest plan that has fewer auditors, meanwhile also do a head-to-head comparison with other auditing firms

For Secure3's returning projects:

1. We will figure out the scope for incremental audits together with you

2. For the audit contest, we will retain half of the auditors from the previous contest to ensure continuity, while the other half will be new, providing fresh insights and perspectives.

For new projects:

1. Please provide your code and your previous audit report, we will figure out the scope for incremental audits together with you

Once the contest is kicked off, we will provide you with a private portal for you to track the progress of your audit contest

You will also receive graded and consolidated weekly finding summaries if your contests last longer than 2 weeks.

To sign up as a Secure3 auditor, create your account and set up your profile. Include your performance data and relevant experience. You can also apply to become certified to gain access to private contests. Learn more about the guidelines here.

You can choose to audit individually or as part of a team; however, if you collaborate with colleagues, please ensure all findings are submitted under the same account, as different accounts will be treated as separate participants. This means your team will receive rewards as individual participants.

You need to verify grading results and file an appeal if necessary, complete the Tax Verification Process, and confirm your wallet address along with the reward amount. Learn more about the guidelines here.

Contest grading starts with an initial review from Secure3’s internal team and a secondary review from the project’s engineering team. Issue severity is assessed based on the degree of damage and the difficulty of exploitation — see our Severity Standards for more details. Secure3 values client feedback and maintains technical neutrality throughout the grading process.