FAQs

Find answers to your most common questions and get the support you need

General

What is Secure3?

Secure3 is a Web3 security audit platform that utilizes a decentralized approach to protect the Web3 ecosystem from bugs and technical threats. With a global community of certified auditors and security experts, we provide comprehensive security solutions to safeguard every stage of your Web3 journey. Learn more here.

What is an audit contest?

An audit contest is a decentralized security competition where projects sponsor rewards for auditors identifying vulnerabilities in their smart contracts, protocols, and code. Auditors compete based on the severity and uniqueness of their findings, driving comprehensive security coverage to strengthen project safety.

Learn more about how audit contests work here.

How is Secure3 Audit Contest different from Centralized Audits?

The Secure3 Audit Contest redefines traditional auditing with a decentralized, performance-driven model. Unlike centralized audits, which often face challenges like high costs, limited auditor engagement, and lack of transparency, Secure3 provides a superior solution through:

Affordable Pricing: Flexible fees tailored to your project, avoiding the high fixed costs associated with centralized firms.
Transparency: Full visibility into every audit stage, enabling you to track progress and verify auditors’ expertise.
Fast Turnaround: Audits start within 24 hours, ensuring rapid and effective security coverage.
Comprehensive Coverage: Secure3 engages 5-50x more auditors than centralized audits—more eyes, more security—bringing diverse expertise and thorough analysis to your project.
Incentive Alignment: Performance-based rewards motivate auditors to deliver focused, high-quality results—no findings, no rewards.
Ongoing Security Support: Post-audit assistance ensures continued security beyond the initial assessment.

By eliminating inefficiencies and prioritizing performance, Secure3 delivers audits that are faster, more transparent, and tailored to your Web3 project’s unique needs. .

How is Secure3 Audit Contest different from Bug Bounty?

The Secure3 Audit Contest is a pre-launch audit designed as the final security check before your project goes live, while Bug Bounty programs run after launch.

Incentive Model: Secure3 rewards auditors based on performance—no findings, no rewards—ensuring auditors focus on uncovering high-value insights, while Bug Bounties often use a winner-takes-all model.
Participation Model: Secure3 only matches certified auditors with relevant expertise to your project, ensuring quality and consistency, while Bug Bounties are open to anyone, , often resulting in varying skill levels.
Focus of Effort: Secure3 auditors dedicate their attention to a single project at one time, providing thorough security and business analysis. In Bug Bounties, auditors juggle multiple projects, often lacking focus.
Efficiency of Findings: Secure3 handles cross-examination and validation in-house, ensuring a quicker turnaround and actionable results.

What contests has Secure3 held before?

You can view all our published contests here and explore our public contest reports here.

Secure3 has conducted over 200 audit contests for leading projects across various ecosystems and languages, including zkSync, Mantle, IoTeX, dappOS, Manta, Polkadot, zkLink, Neo, Merlin Chain, Aark, FBTC, OKX, Stakestone, Doodles, Shardeum, Mirror World, Aki Network, Zeek, and many more.

Please note that some contests are currently private and not publicly visible. They will be published once the hosts decide to make them available.

Project

How soon can I start my audit with Secure3?

Based on your demand and timeline, we can kick off your audit contest in as fast as 24 hours.

How can I request an audit for my project with Secure3?

Head over to this link and complete the form. Our team will get in touch with you shortly after you submit your request.

Do auditors check the fixes?

Your fixes will be verified by the Secure3 team, and we will discuss and double-check with auditors if clarification is needed.

Does Secure3 utilize AI or automated tools to audit?

We, along with our auditors, strictly refrain from using any AI tools that could expose project code without the project team’s explicit written consent. With permission, select in-house AI tools may be utilized to support the audit process.

However, we recognize that current AI tools cannot yet meet the quality standards for comprehensive audits, which require an understanding of business logic and in-depth security analysis.

Our strict submission policy also enforces penalties for unhelpful or automated findings to maintain the integrity of our audits.

How's the audit contest cost structured and determined?

A small cut will be taken by Secure3 to maintain platform operations, such as auditor screening, submission grading, and validation, fix verification, and report preparation.
The majority of the contest costs go to the reward pool, which will eventually distributed to all the auditors based on their performance. The reward pool is mainly determined by:
1. Amount of the code that needs to be audited
2. The complexity of the code, such as external dependencies
3. The nature of the business logic - some protocols are intrinsically more vulnerable than others
4. Contest time
5. Number of auditors to participate in the contest

Due to high demand, we are only able to lock the audit schedule after receiving the full deposit from the projects. We are unable to make scheduling commitments otherwise.

How do you ensure the quality of the audit?

What options are available to try Secure3 audit contests at a lower cost?

We welcome all projects to do a trial audit contest with us to experience our service firsthand. We are confident you can find value for your project. Some ways to mitigate your costs on the first try:

Extract an independent or standalone module for audit
Try a contest plan that has fewer auditors, meanwhile also do a head-to-head comparison with other auditing firms

How does Secure3 handle feature updates and incremental audits?

For Secure3's returning projects:

We will figure out the scope for incremental audits together with you
For the audit contest, we will retain half of the auditors from the previous contest to ensure continuity, while the other half will be new, providing fresh insights and perspectives.

For new projects:

Please provide your code and your previous audit report, we will figure out the scope for incremental audits together with you

Where can I track my audit progress?

Once the contest is kicked off, we will provide you with a private portal for you to track the progress of your audit contest

You will also receive graded and consolidated weekly finding summaries if your contests last longer than 2 weeks.

Auditor

Can I work with my friend as a team?

You can choose to audit individually or as part of a team; however, if you collaborate with colleagues, please ensure all findings are submitted under the same account, as different accounts will be treated as separate participants. This means your team will receive rewards as individual participants.

How do I get my rewards?

You need to verify grading results and file an appeal if necessary, complete the Tax Verification Process, and confirm your wallet address along with the reward amount. Learn more about the guidelines here.

How does the contest grading work?

Contest grading starts with an initial review from Secure3’s internal team and a secondary review from the project’s engineering team. Issue severity is assessed based on the degree of damage and the difficulty of exploitation — see our Severity Standards for more details. Secure3 values client feedback and maintains technical neutrality throughout the grading process.

If you have any more questions, feel free to follow us on X and join our Discord for the latest updates and support.

PreviousWhat We Do NextAudit Quality Assurance

Last updated 6 months ago