# \[DD] Bounty Distribution Rules

**Please always read the individual rules for each DualDefence Audit, as specific conditions may vary per project.**

## ✅ Accepted Reports

Only **Critical** vulnerabilities are eligible for rewards in a DualDefence Audit. All valid reports must include:

* A detailed description of the vulnerability.
* A working Proof-of-Concept (PoC) for re-testing.
* (Recommended) Screenshots or a screen recording demonstrating the exploit.

All submissions will be reviewed by our Triage Team, then forwarded to the Auditor and Client teams for final validation. **This process can take up until the final days of the audit**, so please be patient.

## 💰 Bounty Distribution

**Bounty Pool** – the total reward allocated for the audit\
**Allocated Bounty** – the portion of the bounty pool assigned to each *unique* valid vulnerability

The **entire bounty pool is distributed across unique Critical issues**, and then shared among researchers **proportionally** based on the uniqueness of their findings.

### **🧠 Sybil-Resistance Formula**

To discourage duplicate submissions under multiple accounts (Sybil attacks), we apply a **diminishing returns formula**:

**Issue Weight = 1 × (0.9 ^ (N - 1)) / N**

Where:

* `N` = number of researchers who submitted the same issue
* Issue Weight determines the bounty share assigned to each reporter

This rewards original findings more heavily and reduces the reward for duplicated issues. The fewer researchers who submit a specific vulnerability, the larger the portion they receive.

## **🧮 Example**

* **Issue A** reported by 1 researcher → Weight = 1.0
* **Issue B** reported by 2 researchers → Weight = 0.45 total (0.225 each)
* **Issue C** reported by 3 researchers → Weight ≈ 0.27 total (0.09 each)

If these are the only valid issues, the bounty pool is distributed in proportion to the total weights assigned to each researcher.

## ⚠️ Disclaimer

Bounty rewards are denominated in **staked tokens in the FlashPool**. Due to market volatility, the final USD equivalent may vary from the initially announced prize.<br>

## ✅ Recommended Before Submitting

* Complete **KYC**
* Create a wallet eligible to **claim FlashPool rewards**
* Thoroughly research the audit scope and project infrastructure


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hackenproof.com/dualdefense-audit/dd-bounty-distribution-rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.