HackenProof Docs
  • Welcome
    • HackenProof
      • Services we provide
      • Our resources
    • Integrations
      • Slack
      • Discord
      • Telegram
      • Zapier (Webhook)
        • Zapier -> Lark
        • Zapier -> Linear
        • Zapier -> Jira Service Management
        • Zapier -> PagerDuty
        • Zapier -> Google Chat
        • Zapier -> ClickUp
      • Jira Software
      • GitHub Issue
      • GitLab Issue
      • VDP iFrame
    • FAQ
      • Audit & Bug Bounty (BB)
      • Crowdsourced Audit & BB
      • Penetration testing & BB
    • Emergency
      • Reset 2FA
    • Code of Conduct
    • Referral Program
  • Bug Bounty
    • Bug Bounty process
    • How to start Bug Bounty
    • How to create a VDP
    • Vulnerability classification
      • Web & Mobile
        • Out-of-Scope Bugs
      • Smart contracts
      • Blockchain protocols
    • Reports Basics
      • Points Guide
      • Crafting a well-readable report
  • Dashboard
    • Company dashboard
      • Manage programs
      • Manage reports
      • Share report
      • Labels
      • E2E report encryption
      • Reports decrypting with Mailvelope
      • Users and roles
      • Program/Report Assignee
      • Replenish your balance
      • Integrations
    • Hacker dashboard
      • 👉How to start
      • Submit a report
      • Reports Basics
      • Vulnerability classification
      • 👮‍♂️KYC
      • Сreate a crypto wallet
      • 💸Withdraw bounty
      • Hacker Leaderboard
      • Reset 2FA
      • 🍕HackenProof community
      • Report ID
      • Private Program
      • Contact support
    • Company-Auditor dashboard
      • How to start
      • Add members
      • Submit report
      • Contact support
  • Crowdsourced audit
    • Audit process
    • How to start Audit
    • Supported tech
    • Vulnerability classification
    • Reports Basics
    • Qualified Auditors
    • Judging / Triaging
      • Targets
      • Team
    • [CA] Bounty Distribution Rules
    • Fee & Payments
  • DualDefense Audit
    • What is DualDefence Audit
    • General Guidelines
    • How DualDefence Audit goes
    • Contest Phases
    • Vulnerability classification
      • [DD] Smart Contracts
    • [DD] Bounty Distribution Rules
  • good to know
    • Changelog
    • Branding
    • Vulnerability Disclosure
  • Education
    • Courses
    • Tools
    • Useful sources
Powered by GitBook
On this page
  • Submission phase:
  • Preliminary phase:
  • End of judging:
  • End Of Contest
  1. DualDefense Audit

Contest Phases

To ensure fairness, consistency, and clarity throughout Dual Defence contests, please adhere to the following rules, organized by contest phase:

Submission phase:

  • All reports must be complete and self-contained at the time of submission.

  • No new technical information or arguments may be added in the comments after submission. Any additional details will be disregarded.

  • Once the judge sets an issue to "Review", it automatically enters the Preliminary Phase.

Preliminary phase:

During this phase, reports are under review by judges, who will provide an initial evaluation including validity, severity, and reasoning. The security researcher can then comment if he disagrees with the judge's decision.

✅ Allowed in Comments:

  • Constructive rebuttals responding directly to the judge’s feedback

  • New, relevant technical points that clarify or reinforce the original issue

  • Concise arguments focused on the vulnerability itself

❌ Not Allowed:

  • Repeating what's already in the report without adding anything new

  • Personal attacks or criticism of the judge or the judging process

  • Reposting the same point in multiple comments — submit one clear response, then wait for the judge to reply

  • Excessive or off-topic commentary — keep your message concise and technical

Additional Guidelines:

  • Do not open Discord tickets about reports under review. If the issue is still in the "Review" state, the judge has seen your response and is re-evaluating.

  • Do not discuss your submissions publicly (e.g., in Discord or elsewhere) until results are officially announced.

failure to comply with any of these may result in reputation point loss or closing of all your issues in the contests as invalid.

End of judging:

Once a report is moved to a terminal state (Triaged, Invalid, Spam, Out of Scope), the judgment is final. Final Phase Rules:

  • No appeal requests via Discord or tickets — they will be closed without further review.

  • Do not ask for a second opinion — borderline or critical issues are already reviewed by multiple auditors or triagers when needed.

End Of Contest

  • When judging is fully complete, an admin will announce the end of the contest along with the results in the Discord #DD-[contest-name] channel.

  • At this point, you are free to discuss your findings publicly.

PreviousHow DualDefence Audit goesNextVulnerability classification

Last updated 6 days ago