[CA] Bounty Distribution Rules
In HackenProof Audit Contests, rewards are distributed fairly across valid issues, based on severity, uniqueness, and contribution quality. This system prevents Sybil attacks and incentivizes meaningful, original submissions.
💰 Budget Allocation
Each audit contest has a fixed reward pool, which is divided by issue severity:
Critical
40%
High
30%
Medium
15%
Gas Optimizations & Best Practices
5%
Only valid, in-scope submissions will be eligible for rewards.
🔒 Fairness and Sybil Protection
To prevent abuse (e.g., the same finding submitted from multiple accounts), we use a Sybil-resistant formula that rewards original, high-impact discoveries more than duplicated ones.
🧠 How it works:
If multiple researchers report the same issue, the reward for that issue is shared using the following formula:
Where:
N= number of researchers who submitted the same issueThe fewer the reporters, the higher the reward each person receives
This ensures:
Original submitters earn more
Duplicate findings still get rewarded, but fairly
Submitting the same issue under multiple accounts does not result in more money
🧮 Real Example (Critical Issues)
Imagine the Critical pool is $40,000, and we have:
Issue A reported by 1 researcher → gets full weight
Issue B reported by 2 → shared weight
Issue C reported by 3 → shared with further reduced weight
Their weights:
A = 1.00
B = 0.45
C = ~0.27 Total weight = 1.72
Rewards:
Reporter of A:
(1 / 1.72) × $40,000 ≈ $23,255Each reporter of B:
(0.45 / 1.72 / 2) × $40,000 ≈ $5,233Each reporter of C:
(0.27 / 1.72 / 3) × $40,000 ≈ $2,093
You’ll get a higher payout if you’re the first and only one to find a valid issue.
📌 Summary
All issues which improve the security of the protocol are eligible.
Originality is rewarded — submitting duplicates means smaller payouts.
No rewards for Low or Informational issues.
If you have any questions, feel free to reach out to our team in the HackenProof Discord or support channel.
Happy hacking! 👾
Last updated