Flow of work

The standard audit contest procedure is the following sequence of steps for checking the project code:

  1. Stronghold launches an audit by enlisting a group of experienced independent security researchers from our decentralized, networked community of solo auditors and setting up an audit contest with a bounty fund, so that the project is audited and as many vulnerabilities as possible are detected.

  2. Stronghold assigns a full-time Lead auditor, a member of our decentralized network who audits the code alongside the group of solo auditors and who is in charge of managing the audit process.

  3. Solo auditors check the project code on a competitive basis and submit the vulnerabilities that affect its security, along with additional recommendations for code improvements.

  4. The Lead auditor triages and validates the vulnerabilities submitted by the participants in accordance with the approved methodology and prepares the unified interim audit report.

  5. The Customer fixes the identified bugs and provides feedback on each finding from the interim audit report.

  6. The Lead auditor reaudits the code base after bug fixing and indicates the status of each finding. The Customer has 10 business days for bug fixing. If fixes weren’t made within 10 business days after delivery of the interim audit report, Stronghold has the right to postpone the reaudit process for 20 business days (1 month). If fixes weren’t prepared within the additional 1 month, the reaudit stage is skipped. If new findings are detected during the reaudit process, the Client has 5 business days to fix them; otherwise, the reaudit of the new findings is skipped.

  7. The Lead auditor provides the final audit report upon completion of the reaudit.

  8. Stronghold (with the Customer’s consent) uploads the final audit report to the GitHub Public Audits Repo and makes an announcement on Twitter.