[CA] Bounty Distribution Rules

In HackenProof Audit Contests, rewards are distributed fairly across valid issues, based on severity, uniqueness, and contribution quality. This system prevents Sybil attacks and incentivizes meaningful, original submissions.

💰 Budget Allocation

Each audit contest has a fixed reward pool, which is divided by issue severity:

Only valid, in-scope submissions will be eligible for rewards.

🔒 Fairness and Sybil Protection

To prevent abuse (e.g., the same finding submitted from multiple accounts), we use a Sybil-resistant formula that rewards original, high-impact discoveries more than duplicated ones.

🧠 How it works:

If multiple researchers report the same issue, the reward for that issue is shared using the following formula:

Issue Weight = 1 × (0.9 ^ (N - 1)) / N

Where:

• N = number of researchers who submitted the same issue

• The fewer the reporters, the higher the reward each person receives

This ensures:

• Original submitters earn more

• Duplicate findings still get rewarded, but fairly

• Submitting the same issue under multiple accounts does not result in more money

🧮 Real Example (Critical Issues)

Imagine the Critical pool is $40,000, and we have:

• Issue A reported by 1 researcher → gets full weight

• Issue B reported by 2 → shared weight

• Issue C reported by 3 → shared with further reduced weight

Their weights:

• A = 1.00

• B = 0.45

• C = ~0.27 Total weight = 1.72

Rewards:

• Reporter of A: (1 / 1.72) × $40,000 ≈ $23,255

• Each reporter of B: (0.45 / 1.72 / 2) × $40,000 ≈ $5,233

• Each reporter of C: (0.27 / 1.72 / 3) × $40,000 ≈ $2,093

You’ll get a higher payout if you’re the first and only one to find a valid issue.

📌 Summary

• All issues which improve the security of the protocol are eligible.

• Originality is rewarded — submitting duplicates means smaller payouts.

• No rewards for Low or Informational issues.

If you have any questions, feel free to reach out to our team in the HackenProof Discord or support channel.

Happy hacking! 👾