# General Guidelines * **Required Report Format:** All submissions must have at least the following sections: * **Overview:** Brief summary of the issue. * **Description:** Clear explanation of the vulnerability, including step-by-step reproduction steps and relevant code excerpts. * **POC:** Runnable Proof of Concept that demonstrates how the attack is performed and the resulting impact. * **Recommendation:** Suggested fix or mitigation strategy. * **POC Requirement:** All Dual Defence submissions must include a runnable Proof of Concept (POC) at the time of submission. POCs submitted later via comments will not be accepted. Submissions missing a valid POC will be closed and may result in a reputation point penalty. * **Extending The Issue Via Comments:** Only the original issue reported will be considered for evaluation. Additional findings, exploit paths, or issues derived from the same root cause introduced via comments will not be taken into account when assessing validity or severity. Repeated attempts to introduce new issues via comments may lead to reputation penalties. * **Multiple Issues Same Root Cause:** a hunter submitting multiple Reports for the same root cause issue (ex: missing access control) will have all the other reports closed and will incur reputation loss and can even have his valid report closed * **Accepted Issues:** Dual Defence reports are evaluated for Critical severity only. However, if a valid Medium or High severity issue is reported with the correct classification, the hunter may be rewarded with reputation points. * **Incorrect severity tagging may result in rejection:** * If you submit a Medium severity issue and label it as Critical, the issue may be closed without reward and reputation points may be deducted. * Valid Critical reports may be downgraded to High, but honest classification will still be rewarded accordingly. * **Low and Informational Issues:** These are not accepted in Dual Defence. Submissions classified by the hunter as anything above Low (e.g., Medium ..) but determined to be Low/Info by Judge will result in reputation loss. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hackenproof.com/dualdefense-audit/general-guidelines.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.