Skip to content

liveactionllama/docs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
philosophy
philosophy
 
 
roles
roles
 
 
structure
structure
 
 
README.md
README.md
 
 
SUMMARY.md
SUMMARY.md
 
 
incentive-model-and-awards.md
incentive-model-and-awards.md
 
 

Repository files navigation

description
Community-driven contests for smart contract audits

Code4rena

The players in the arena:

  • Wardens protect the DeFi ecosystem from threats by auditing code.
  • Sponsors create prize pools to attract wardens to audit their project.
  • Judges allocate awards to wardens based on performance.

C4 audit contests are different from both bug bounties and traditional audits.

Bug bounties vs C4 audit contests

Bug bounties Audit contests
Spec work. No way to have confidence that the time invested will produce a payout. Guaranteed payouts. Auditors know it’s highly likely they can find a bug that will make it worth their time.
Dark forest. Who knows how much competition there is right now? Or how mature the codebase is? Low-hanging fruit. If a project is seeking an audit, it’s likely fresh code with clear opportunities to dig in.
Grow on your own. Researchers have to proactively look for ways to learn and level up their skills. Learning community. Open contests let auditors compare everyone’s findings and learn new things every single week.
Paradox of choice. So many projects have bounties. How does an auditor choose which to focus on? No FOMO. C4 runs a handful of active contests at a time—often just one or two, tops.

Traditional audits vs C4 audit contests

Traditional audits C4 audit contests
Constrained time. If you want a quality audit from a top firm, you’re going to have to wait. Time flexible. Code contests can be put together quickly for teams eager to go to market.
Constrained cost. Audit firms must recruit and retain talent, and defensively maintain their brand. Flexible cost. C4 scales to meet demand. Sponsors can increase pot size to attract more attention.
Constrained diversity. Audit firm staff have to work to stay ahead of DeFi's complex and expanding attack surface. Diverse capability. C4 contests allow specialized security researchers to demonstrate their skill and creativity.
Systematic. Firms use set processes for evaluating code, which differs from the way attackers approach things. Rigorous. C4 wardens are incentivized to work creatively to find as many rare, high risk vulnerabilities as possible.

Incentive model and awards

Details on Code4rena's incentive model and awards can now be found here.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published