General Guidelines

Required Report Format: All submissions must have at least the following sections:
- Overview: Brief summary of the issue.
- Description: Clear explanation of the vulnerability, including step-by-step reproduction steps and relevant code excerpts.
- POC: Runnable Proof of Concept that demonstrates how the attack is performed and the resulting impact.
- Recommendation: Suggested fix or mitigation strategy.
POC Requirement: All Dual Defence submissions must include a runnable Proof of Concept (POC) at the time of submission. POCs submitted later via comments will not be accepted. Submissions missing a valid POC will be closed and may result in a reputation point penalty.
Extending The Issue Via Comments: Only the original issue reported will be considered for evaluation. Additional findings, exploit paths, or issues derived from the same root cause introduced via comments will not be taken into account when assessing validity or severity. Repeated attempts to introduce new issues via comments may lead to reputation penalties.
Multiple Issues Same Root Cause: a hunter submitting multiple Reports for the same root cause issue (ex: missing access control) will have all the other reports closed and will incur reputation loss and can even have his valid report closed
Accepted Issues: Dual Defence reports are evaluated for Critical severity only. However, if a valid Medium or High severity issue is reported with the correct classification, the hunter may be rewarded with reputation points.
- Incorrect severity tagging may result in rejection:
  - If you submit a Medium severity issue and label it as Critical, the issue may be closed without reward and reputation points may be deducted.
  - Valid Critical reports may be downgraded to High, but honest classification will still be rewarded accordingly.
Low and Informational Issues: These are not accepted in Dual Defence. Submissions classified by the hunter as anything above Low (e.g., Medium ..) but determined to be Low/Info by Judge will result in reputation loss.

PreviousWhat is DualDefence Audit NextHow DualDefence Audit goes

Last updated 6 days ago

General Guidelines

Required Report Format: All submissions must have at least the following sections:
- Overview: Brief summary of the issue.
- Description: Clear explanation of the vulnerability, including step-by-step reproduction steps and relevant code excerpts.
- POC: Runnable Proof of Concept that demonstrates how the attack is performed and the resulting impact.
- Recommendation: Suggested fix or mitigation strategy.
POC Requirement: All Dual Defence submissions must include a runnable Proof of Concept (POC) at the time of submission. POCs submitted later via comments will not be accepted. Submissions missing a valid POC will be closed and may result in a reputation point penalty.
Extending The Issue Via Comments: Only the original issue reported will be considered for evaluation. Additional findings, exploit paths, or issues derived from the same root cause introduced via comments will not be taken into account when assessing validity or severity. Repeated attempts to introduce new issues via comments may lead to reputation penalties.
Multiple Issues Same Root Cause: a hunter submitting multiple Reports for the same root cause issue (ex: missing access control) will have all the other reports closed and will incur reputation loss and can even have his valid report closed
Accepted Issues: Dual Defence reports are evaluated for Critical severity only. However, if a valid Medium or High severity issue is reported with the correct classification, the hunter may be rewarded with reputation points.
- Incorrect severity tagging may result in rejection:
  - If you submit a Medium severity issue and label it as Critical, the issue may be closed without reward and reputation points may be deducted.
  - Valid Critical reports may be downgraded to High, but honest classification will still be rewarded accordingly.
Low and Informational Issues: These are not accepted in Dual Defence. Submissions classified by the hunter as anything above Low (e.g., Medium ..) but determined to be Low/Info by Judge will result in reputation loss.

PreviousWhat is DualDefence Audit NextHow DualDefence Audit goes

Last updated 6 days ago