When we released Code4rena Profiles, the main goal was to give auditors a way to showcase their performance so that they could take on solo auditing opportunities, with the data needed to verify their expertise right there. We know that changing your current approach of booking a solo audit might be a bit of a daunting prospect, which is why we’ve put this article together. We’ll walk you step-by-step through how the solo audit booking process via your Code4rena Profile works, what benefits you’ll receive as part of it, and answer all of your burning questions. Let’s dive in!
The benefits
If a project has viewed your profile and would like to book you for a solo audit, all they have to do is click the ‘Get a quote’ button on your Code4rena Profile to initiate the process! The C4 team you already know and trust will help take care of:
- Scoping, pricing, and logistical planning
- Legal agreements
- Collection and disbursement of funds
- External accountability via a Code4rena Judge
The booking process
Step 1: The project request
- When a project has found an auditor they want to engage, they click the ‘Get a quote’ button on their profile.
- The user is then taken to a Typeform page.
- The user completes the Typeform submission, and the Code4rena team is notified.
Step 2: The Code4rena team springs into action
- A member of the Code4rena team reaches out to the project to confirm the specifics and handle the scoping.
- Next, the Code4rena team member creates a private Discord channel to communicate with you. In this stage, you’ll be provided with the scoping details so that you can estimate your fee accordingly, and confirm your availability.
- You don’t need to communicate directly with the sponsor team during this stage; Code4rena’s sales team will negotiate on your behalf and act as your broker. However, you’re most welcome to request additional information and context, and the C4 team will do their best to get you whatever you need.
- Code4rena adds a 20% administration fee to your quote, to establish the total cost to the sponsor.
Step 3: Dotting the i’s and crossing the t’s
- On your behalf, the Code4rena team will work to obtain a signed agreement with the project. They’ll collect payment upfront so you can get access to your funds immediately after the audit’s completion.
- You’ll then be invited into a private Discord channel with yourself, the Code4rena team, and the project. GitHub repo access is granted and the audit can now begin!
Step 4: During the audit
- Most solo auditors use the private, sponsor-facing channel to share individual issues as they find them, for discussion with the project team.
- Auditors are welcome to arrange a call with the project team if it’s helpful, but it is not required.
- Through direct discussion, Warden and project collaborate to verify the vulnerability, and the warden recommends appropriate mitigations.
- Some wardens opt to include a mitigation review in their process, but that is negotiable. You may opt to bundle this into your price quote, or offer it as an optional add-on.
- Your private channel — open to just you and C4 staff — remains available to you throughout the audit and afterward, and you may use it to ask staff questions or make requests.
- If needed, a C4 judge can be brought in to mediate any disputes over validity or risk of findings. Either the auditor or the project team may request a judge’s review.
- Finally, the warden delivers the report.
Step 5: The finish line
- Depending on scope, a typical solo audit can take anywhere from one day to two weeks or more. Most are completed within a week.
- Upon confirming the audit’s completion with you and the project, Code4rena will issue payment for all your hard work.
FAQs
Do you have to write your own audit report?
- We’ll collaborate to publish the report on your Code4rena profile.
What happens if an issue is disputed?
- If needed, a C4 judge can be brought in to mediate any disputes over validity or risk of findings. Either the auditor or the project team may request a judge’s review.
Do you have to be certified to participate in a solo audit?
- Yes
Does Code4rena charge a fee?
- Code4rena adds a 20% administration fee to your quote.
What happens if there’s an issue with payment?
- Code4rena collects payment in full before the audit begins, so that we can pay you immediately upon completion of work.
How should my report be formatted?
- Auditors are welcome to use their own report templates, or you can adapt the format from one of Code4rena’s past reports.
- Most sponsors prefer to receive their report in Markdown format. We recommend that you include a disclaimer, and a link to the definitions of risk levels / criteria you used for the audit.
Will my report appear on the Code4rena website?
- Soon it will be possible to highlight your solo audit reports in your Code4rena profile. In the meantime, so long as the sponsoring project agrees to make the report public, you are welcome to share it.
Are solo audits included on the Code4rena leaderboard?
- We’re planning to add solo audits to the C4 leaderboard in the near future, but currently, they are not displayed.
How can I highlight my solo auditing skills through my Code4rena profile?
- Projects are often looking for auditors with subject matter expertise (e.g. NFTs, AMMs, etc.), so it’s helpful to highlight your skills and experience on your Code4rena profile. Consider listing: Types of projects you’ve audited, your personal specialties or areas of study, the types of projects in which you’re most interested.
