Submission Policy

As the Secure3 platform thrives and evolves, our commitment to maintaining the highest quality standards remains unwavering. Ensuring an optimal experience for all our clients and auditors is at the forefront of our mission.

Submission and Grading Standard

Automated Findings

  1. All submissions generated by automation tools and not verified by human moderation will be directly rejected

  2. The auditors who intentionally submit unverified automated findings will face a possible ban

Gas Optimization

  1. Detailed evidence with supporting data is mandatory for submissions about gas optimization. This evidence should demonstrate that your suggestion leads to significant gas savings.

Coding Style

  1. Suggestions highlighting coding styles such as documentation discrepancies, comment clarifications, compiler versions, naming conventions, custom error replacing require or assert, library versions, test modules, etc. are not eligible for rewards.

  2. Exception: if you can present concrete proof—either through a proof of concept (PoC) or factual data—indicating that a particular coding style issue can inflict substantial damage

Excluded issue

The following vulnerabilities are not accepted by Secure3:

  • Lack of Zero Address Validation.

  • Insufficient validation for the parameter zero.

  • Unlocked Pragma Version.

  • Some events miss Keyword index.

  • Inconsistent solidity compiler version.

  • Missing error message in require statements.

  • Unfinished TODOs and missing implementation.

  • Typo in function/variable name or otherwise.

  • Unuse the latest solidity version.

  • hardcoding chain address.

  • Potential divided by zero error.

  • Remove Renounce Ownership

Note:

If the above vulnerabilities are submitted, they must be able to directly cause loss, which would potentially be accepted.

Last updated