Code4rena

Competitive audit platform where 100+ wardens review a fixed scope over 3-14 days for a sponsor-funded prize pool. Findings are judged for severity and uniqueness; awards are distributed pro rata via the C4 awarding algorithm.

• 01broad coverage from a large auditor pool
• 02guaranteed-payout pre-launch reviews
• 03complement to a private/fixed-fee audit
• 04post-fix mitigation reviews
• 05public reports for marketing and DD

• # No package — engage via https://code4rena.com/sponsor
• # Wardens: register at https://code4rena.com and submit findings via the contest UI

• ⚑Reward distribution is heavily front-loaded toward unique HMs — duplicates get a small slice; sponsors should expect a long tail of QA/Gas reports that are not real bugs.
• ⚑Scope inclusion is strict: anything not explicitly listed in the contest README is out-of-scope and findings will be invalidated, even if exploitable.
• ⚑Severity labels (High/Medium) follow C4's docs, not OWASP/CVSS — a 'Medium' on C4 may be a Critical elsewhere; map back via the Severity Categorization page before quoting.
• ⚑Mitigation review (post-fix) is a separate paid contest — budget for it; un-reviewed fixes are a frequent source of post-launch incidents.
• ⚑Public contests leak your code on the contest start date; pre-revenue protocols often prefer private C4 'audit' track or Sherlock instead.
• ⚑Awards are paid in two batches with KYC requirements above thresholds; non-KYC wardens may forfeit a portion.