Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Project FAQ

What is the difference between you and centralized firms?

Secure3's audit contests represent a new generation of auditing, overcoming many of the flaws ingrained in traditional centralized auditing. For more details on how Secure3 is better, please see our comparison chart -> Secure3

How soon can I start my audit with Secure3?

Based on your demand and timeline, we can kick off your audit contest in as fast as 24 hours.

Do auditors check the fixes?

Your fixes will be verified by the Secure3 team, and we will discuss and double-check with auditors if clarification is needed.

Does Secure3 utilize AI or automated tools to audit?

  1. We and the auditors will NOT use any AI tools that can leak projects' code without prior written permission from projects

  2. With the projects' permission, there are certain in-house AI tools will be utilized to assist in audit contests.

  3. However, we don't see any AI tools that can perform quality audits yet, as our audit requires understanding the business logic and in-depth security analysis.

  4. We also have a strict submission policy that also penalizes submitting useless automatic findings. More details -> Submission Policy

How's the audit contest cost structured and determined?

  1. A small cut will be taken by Secure3 to maintain platform operations, such as auditor screening, submission grading, and validation, fix verification, and report preparation.

  2. The majority of the contest costs go to the reward pool, which will eventually distributed to all the auditors based on their performance. The reward pool is mainly determined by:

    1. Amount of the code that needs to be audited

    2. The complexity of the code, such as external dependencies

    3. The nature of the business logic - some protocols are intrinsically more vulnerable than others

    4. Contest time

    5. Number of auditors to participate in the contest

Due to high demand, we are only able to lock the audit schedule after receiving the full deposit from the projects. We are unable to make scheduling commitments otherwise.

How do you ensure the quality of the audit?

We ensure the quality of audits through our incentive model, auditor matching, a transparent severity standard, and rigorous grading. Please see more details -> Projects

What options are available to try Secure3 audit contests at a lower cost?

We welcome all projects to do a trial audit contest with us to experience our service firsthand. We are confident you can find value for your project. Some ways to mitigate your costs on the first try:

  1. Extract an independent or standalone module for audit

  2. Try a contest plan that has fewer auditors, meanwhile also do a head-to-head comparison with other auditing firms

How does Secure3 handle feature updates and incremental audits?

For Secure3's returning projects:

  1. We will figure out the scope for incremental audits together with you

  2. For the audit contest, we will retain half of the auditors from the previous contest to ensure continuity, while the other half will be new, providing fresh insights and perspectives.

For new projects:

  1. Please provide your code and your previous audit report, we will figure out the scope for incremental audits together with you

Where can I track my audit progress?

  1. Once the contest is kicked off, we will provide you with a private portal for you to track the progress of your audit contest

  2. You will also receive graded and consolidated weekly finding summaries if your contests last longer than 2 weeks

Last updated