# \[CA] Bounty Distribution Rules

In HackenProof Audit Contests, rewards are distributed fairly across valid issues, based on **severity**, **uniqueness**, and **contribution quality**. This system prevents Sybil attacks and incentivizes meaningful, original submissions.

## 💰 Budget Allocation

Each audit contest has a fixed reward pool, which is divided by issue severity:

| Severity Category                  | % of Total Rewards |
| ---------------------------------- | ------------------ |
| Critical                           | 40%                |
| High                               | 30%                |
| Medium                             | 15%                |
| Gas Optimizations & Best Practices | 5%                 |

Only valid, [in-scope submissions](https://docs.hackenproof.com/crowdsourced-audit/vulnerability-classification) will be eligible for rewards.

## 🔒 Fairness and Sybil Protection

To prevent abuse (e.g., the same finding submitted from multiple accounts), we use a **Sybil-resistant formula** that rewards original, high-impact discoveries more than duplicated ones.

### 🧠 How it works:

If multiple researchers report the same issue, the reward for that issue is shared using the following formula:

```
Issue Weight = 1 × (0.9 ^ (N - 1)) / N
```

Where:

* `N` = number of researchers who submitted the same issue
* The **fewer** the reporters, the **higher** the reward each person receives

This ensures:

* Original submitters earn more
* Duplicate findings still get rewarded, but fairly
* Submitting the same issue under multiple accounts does not result in more money

## 🧮 Real Example (Critical Issues)

Imagine the Critical pool is **$40,000**, and we have:

* **Issue A** reported by 1 researcher → gets full weight
* **Issue B** reported by 2 → shared weight
* **Issue C** reported by 3 → shared with further reduced weight

Their weights:

* A = 1.00
* B = 0.45
* C = \~0.27\
  **Total weight = 1.72**

Rewards:

* Reporter of A: `(1 / 1.72) × $40,000 ≈ $23,255`
* Each reporter of B: `(0.45 / 1.72 / 2) × $40,000 ≈ $5,233`
* Each reporter of C: `(0.27 / 1.72 / 3) × $40,000 ≈ $2,093`

You’ll get a **higher payout if you’re the first and only one to find a valid issue**.

***

### 📌 Summary

* All issues which improve the security of the protocol are eligible.
* **Originality is rewarded** — submitting duplicates means smaller payouts.
* No rewards for **Low** or **Informational** issues.

***

If you have any questions, feel free to reach out to our team in the HackenProof Discord or support channel.

Happy hacking! 👾