Introducing Code 423n4

scott L
3 min read, Feb 15, 2021


Code 423n4 is an experimental open organization determined to build a new method to review the security of smart contracts. C4 reviews code with a competitive, open code review process where all participants eat what they kill, as they compete to be the champion of the arena.

Be one of the first humans ever to join our Discord!

Traditional Audits Are:

  1. Expensive — Auditing firms must be compensated for maintaining their brand, effectively curating good smart contract security experts, and finding clients in need of audits. This operational overhead makes audits expensive, while also giving audit firms incentives to cut corners.
  2. Time Inflexible — Audits must be scheduled sequentially, so that each individual engineer working at the firm has not too much, but also not too little, work. This constraint creates scheduling inflexibility that imposes obstacles and inefficiencies on teams racing to go to market.
  3. Completeness Constrained — Audit teams (or individuals) must be somewhat aware of all the different types of vulnerabilities. As the complexity of the space grows, the vulnerability space grows with it, and the knowledge that any one person can have of any one type of vulnerability becomes diluted.

Code 423n4 Security Reviews Are:

  1. Cost Flexible — Teams can determine the size of their bounty pot. The larger the pot, the more attention the contest will attract.
  2. Time Flexible — The arena can accommodate multiple concurrent audits, and startups are free to start and end their Review Period whenever they choose. The players in the arena are free to participate in multiple overlapping Reviews.
  3. Specialization Supportive — Since the goal of each participant is to find security bugs, rather than to find all the security bugs, Code 423n4 Security Reviews are ideal for highly specialized security researchers. The rarer the bug found, the higher the reward.

How contests work:

There are three characters in the Code Arena:

Wardens — wardens hunt for bugs in the smart contracts of decentralized protocols.

Sponsors — sponsors create bounty pools to attract wardens to their contests.

Judges — judges are responsible for allocating bounty pools to wardens based on their performance.

Wardens are scored by Judges based on their submissions. Code Arena uses a unique scoring system to incentivize wardens. The system has two primary goals: to reward contestants for finding unique bugs, and to make the contest Sybil-attack resistant. A secondary goal of the scoring system is to create a small incentive for contestants to form squads and work together. Bugs are divided into 3 classes: Low Risk, Medium Risk, High Risk.

Contestants are given shares for bugs discovered, and those shares give the owner a pro rata piece of the pot.

Low Risk Bounty Shares: 1 * (0.9 ^ discoveryCount) / discoveryCount
Medium Risk Bounty Shares: 3 * (0.9 ^ discoveryCount) / discoveryCount
High Risk Bounty Shares: 10 * (0.9 ^ discoveryCount) / discoveryCount

Each bounty share is redeemable for: Pot / number of Bounty Shares.
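A worked allocation under this scoring rule, as an added example (not Code 423n4's own code; the contest findings, warden names and pot size are constructed). It shows how duplicates of one bug pay each finder less, and how one bug reported under extra Sybil identities earns less in total than a single report.

```python
from collections import defaultdict

# Share weights per risk class, exactly as stated in the post.
WEIGHTS = {"low": 1.0, "medium": 3.0, "high": 10.0}

def bounty_shares(risk, discovery_count):
    """Shares awarded to EACH warden who reported one bug of the given
    risk class, where discovery_count is how many wardens reported it."""
    if discovery_count < 1:
        raise ValueError("a finding must have at least one discoverer")
    return WEIGHTS[risk] * (0.9 ** discovery_count) / discovery_count

def allocate_pot(pot, findings):
    """findings: list of (bug_id, risk, wardens) tuples after judging,
    where duplicate reports of the same bug are merged into one tuple.
    Returns {warden: payout}; payouts sum to the pot."""
    shares = defaultdict(float)
    for _bug_id, risk, wardens in findings:
        per_warden = bounty_shares(risk, len(wardens))
        for warden in wardens:
            shares[warden] += per_warden
    total_shares = sum(shares.values())
    share_value = pot / total_shares   # "Pot / number of Bounty Shares"
    return {w: s * share_value for w, s in shares.items()}

def total_shares_for_bug(risk, identities):
    """Total shares one bug pays out when reported by `identities`
    wardens, or by one warden under that many Sybil identities."""
    return identities * bounty_shares(risk, identities)

# Constructed judging result for a hypothetical contest (not real data).
FINDINGS = [
    ("H-1", "high", ["alice"]),                   # unique high: 9.0 shares
    ("H-2", "high", ["alice", "bob"]),            # duplicate high: 4.05 each
    ("M-1", "medium", ["bob", "carol", "dave"]),  # triplicate medium: 0.729 each
    ("L-1", "low", ["carol"]),                    # unique low: 0.9 shares
]

if __name__ == "__main__":
    for warden, payout in sorted(allocate_pot(10_000, FINDINGS).items()):
        print(f"{warden:6s} {payout:10.2f}")
    # One high-risk bug split over k identities pays 10 * 0.9**k shares in
    # total, which shrinks as k grows, so Sybil copies only lose value.
    for k in (1, 2, 3):
        print(k, round(total_shares_for_bug("high", k), 3))
```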

When is the first contest?

Very, very, very soon. Please follow us on Twitter for details!
