Writing a Finding

Understand the Scope and Rules: Before beginning your audit, make sure you fully understand the scope and specific rules of the competition. Focus your efforts on areas that are within the defined scope to ensure your findings are eligible for rewards.

Identify Vulnerabilities: Use a combination of manual code review and automated tools to identify vulnerabilities. Prioritize vulnerabilities based on their severity and impact on the protocol.

Document Your Findings: Clearly and concisely document each vulnerability you find. Include the following in your report:

• Title: A concise title that summarizes the vulnerability.

• Severity: Estimate the severity of the vulnerability (High, Medium, Low).

• Description: Detailed explanation of the vulnerability, how it works, and why it is a threat, including code references.

• Proof of Concept: Step-by-step instructions or a script demonstrating the vulnerability.

• Suggested Fix: If possible, suggest a way to mitigate or fix the vulnerability.

Submitting Your Findings

• Prepare Your Submission: Ensure your report is clear, concise, and contains all necessary information. Double-check the competition rules for any specific submission requirements.

• On-Chain Submission Process: Hats Finance uses an on-chain submission process for increased transparency and traceability. Submit your findings through our dApp, which will record your submission on the blockchain.

• Await Review: Once submitted, your finding will be reviewed by the project’s committee. The committee may reach out to you for further discussion or clarification on your submission.

• Reward Process: If your finding is accepted, you will be rewarded based on the severity of the vulnerability and in accordance with the competition's reward structure. Hats Finance ensures timely and fair compensation for your valuable contributions.

Tips for a Successful Submission

Detail is Key: The more detailed your report, especially in the proof of concept, the better your chances of it being accepted.

Stay Updated: Keep abreast of the latest vulnerabilities and hacking techniques to ensure your skills remain sharp.

Communication: Be ready to engage in discussions regarding your findings. Clear communication can often be as important as the finding itself.

Thank you for participating in Hats Finance audit competitions. Your efforts help secure the future of DeFi and contribute to a safer Web3 environment.