Your Security Work Should Pay You Today—and Build Your Career Tomorrow.

Get a base fee for completing routed review work. Earn additional rewards for accepted findings and validation. Then compete within your tier for monthly leaderboard bonuses funded by Proof of Audits’s eligible platform earnings. Your total score builds your career. Your monthly score growth creates another opportunity to earn.

Paid for the work. Rewarded for the impact. Recognized for consistent growth.

One Platform. Six Ways to Earn.

01 — THE REVIEW

Base Review Fee

Get paid for correctly completing your assigned audit responsibilities.

Complete your assigned review correctly and earn the published base fee—even when no valid vulnerability is found.

Compensated for scope completion
02 — FINDINGS

Finding Rewards

Earn additional severity-based rewards for accepted security findings.

Your base fee pays for the review. Your findings reward the security impact you create.

Rewarded for security impact
03 — SPECIALTIES

Specialist Work

Earn for validation, fix verification, escalation, and post-audit checks.

Provide validation work or closeout review to earn specialized, steady secondary fees on engagements.

Paid for downstream roles
04 — CONSISTENCY

Monthly Leaderboard

Finish among the top three monthly score earners in your tier and share the reward pool.

Competitors in the same tier win bonuses based on score gained during the current monthly cycle.

Rewarded for ecosystem growth
05 — PRE-AUDITING

Pre-Audit & Investor Review

Earn for pre-auditing protocol scope and performing investor risk reviews.

Review protocol architecture, verify scope boundaries, and conduct pre-audit risk assessments for investors before full execution.

Paid for pre-audit preparation
06 — POST-AUDIT

Post-Audit Review

Earn for post-audit verification, invariant monitoring, and patch validation.

Validate protocol fixes, monitor post-deployment runtime invariants, and issue verified post-audit completion reports.

Paid for post-audit verification

Bring the reputation you already earned.

You should not have to restart from zero on every platform. Connect your verified work from Sherlock, Code4rena, Immunefi, Cantina, CodeHawks, Hats, HackenProof, GitHub, and approved private audit evidence.

Proof of Audits verifies ownership, accepted findings, severity history, specialties, reliability, and duplicate records.

Your past work becomes your starting point—not a forgotten profile link.

Verified Identity

Wallet + public handles

Proof of Work

Accepted findings only

Skill Matching

AMM, lending, bridge, oracle, vaults

Routing Eligibility

Tier + skill + COI checked

Build authority from verified work.

Proof of Audits turns accepted findings, correct validations, reliability, and native audit history into routing authority. Lifetime score moves your tier. Monthly score growth creates a separate bonus path.

Real routing signal

Better work opens better matched scopes, not generic status badges.

T4 / Enter

Swordfish Scout

Function-level precision

Focused function review, invariants, unit tests, and proof-of-concept findings.

What counts

Accepted external findings can establish a baseline; native Proof of Audits work builds the live score.

Eligible for T3 once score, reliability, and sample-size gates pass.

T3 / Prove

Hammerhead

Contract-level consistency

Whole-contract review, fuzz harnesses, access-control sweeps, and validation of routed T4 reports.

What counts

Consistency starts to matter here: valid findings, correct validations, and missed-scope penalties all count.

T2 is review-gated, with stronger reliability and native-history requirements.

T2 / Own

Orca Warden

Cross-contract risk

Integration paths, oracle and state dependencies, exploit construction, and validation of routed T3 reports.

What counts

Routing depends on exact tier, matching tags, availability, conflict checks, and reliability history.

T1 requires senior review, vouches, and evidence that the auditor can reason across whole systems.

T1 / Lead

Phantom Octopus

System-level authority

Governance, MEV, economic design, systemic escalation, and validation of routed T2 reports.

What counts

T1 is not a slogan. It is a narrow authority band backed by verified score, reliability, and review evidence.

T0 is separate: final report, appeal, missed-bug attribution, and settlement closeout appointment.

Verified evidence

Public handles, accepted findings, severity, uniqueness, rank, difficulty, and recency build the starting record.

Fit-based routing

Work is matched by exact tier, skill tags, availability, protocol architecture, and conflict checks.

Validation responsibility

T3 validates routed T4 reports, T2 validates routed T3 reports, and T1 validates routed T2 reports.

Monthly score delta

Monthly bonus boards rank score gained during the cycle, separate from lifetime score.

Your Progress Can Earn a Monthly Bonus

Base fees and finding rewards pay you for individual engagements. The Monthly Auditor Reward Pool recognizes consistent contribution across the Proof of Audits ecosystem.

Monthly Leaderboard Bonus

Grow your score. Share in Proof of Audits's monthly success.
Published % of eligible monthly platform earnings
Monthly Auditor Reward Pool
Tier Pools
Top 3 in each tier
T4 Swordfish Scout

Function-level contributors compete only inside their own tier for monthly bonus awards.

Rank source: locked settlements and score events in the selected UTC month.
Award slots: top 3 positive net-point auditors when a tier pool is locked.
Payout split: rank 1 gets 50%, rank 2 gets 30%, rank 3 gets 20% of that tier pool.
T3 Hammerhead

Contract reviewers and validators compete only inside their own tier for monthly bonus awards.

Rank source: locked settlements and score events in the selected UTC month.
Award slots: top 3 positive net-point auditors when a tier pool is locked.
Payout split: rank 1 gets 50%, rank 2 gets 30%, rank 3 gets 20% of that tier pool.
T2 Orca Warden

Cross-contract reviewers compete only inside their own tier for monthly bonus awards.

Rank source: locked settlements and score events in the selected UTC month.
Award slots: top 3 positive net-point auditors when a tier pool is locked.
Payout split: rank 1 gets 50%, rank 2 gets 30%, rank 3 gets 20% of that tier pool.
T1 Phantom Octopus

System-level reviewers compete only inside their own tier for monthly bonus awards.

Rank source: locked settlements and score events in the selected UTC month.
Award slots: top 3 positive net-point auditors when a tier pool is locked.
Payout split: rank 1 gets 50%, rank 2 gets 30%, rank 3 gets 20% of that tier pool.
Rankings are based on monthly score gained, not lifetime score.
Live ranks are shown on the auditor leaderboard when settlement data exists.

* Proof of Audits funds the Monthly Auditor Reward Pool using a published portion of eligible platform earnings. Auditor bonuses are performance rewards and do not represent equity, ownership, dividends, or a claim on Proof of Audits revenue. Eligible platform earnings include settled platform fees but exclude protocol bounty deposits, auditor base-fee funds, refundable balances, taxes, chargebacks, and unsettled or disputed payments. For tier changes, an auditor competes in the tier where they spent the greatest number of eligible days during the monthly cycle.

Your Protections Before Accepting

No hidden payout rules. No silent score changes. No unexplained deductions.

1. Published Compensation

Assigned scope, base fees, platform fee, and finding bounty structures are fully detailed before you accept a route.

2. Locked Scope

The target code commits and boundaries are locked. Clients cannot sneak in code changes or extra folders during your review.

3. Duplicate Rules

Duplicates yield score increases only. For cross-scope reviews, you can earn a percentage of the bounty plus the base fee of the missed percentage only when the assigned auditor missed it. If they did not miss it, you only get the score increase.

4. Maximum Slashing Cap

Your downside is capped. Missed bugs cannot create unlimited negative balances. Any deduction must pass standard attribution rules.

5. Written Judging Reasons

Every decision regarding classification, validity, duplicates, severity, or penalty includes a published written technical explanation.

6. Appeal Window

Auditors have a standard appeal window (typically 48 hours) to dispute any preliminary judgements before closeout.

7. Settlement Requirements

Settlement timelines, payment mechanisms, and KYC rules are transparently defined. No surprise deductions or delayed payouts.

Calculate Your Earnings

See how base fees, unique findings, duplicate protections, and validation rewards compound into your final settlement.

The Settlement Formula

Base review fee (Completed scope review)
+ Accepted unique findings (100% of severity pool weight)
+ Cross-scope missed findings (Bounty + slashed base fee percentage)
+ Valid duplicate findings (Score/Rep increase only, $0 payout)
+ Validation rewards (For co-reviewer validation)
− Published deductions (For missed bugs on co-scope)
− Platform fee (5% standard fee)
= Final settlement (Net Wallet Payout)

Proof of Audits pays for completed review work under the accepted route terms, so a clean report can still earn its base review fee. Valid findings are additional rewards on top of that settled base.

Bounty Severity Ranges

Severity | Pool Share | Rep Points
Critical | 35% | +15 points
High | 30% | +7 points
Medium | 25% | +3 points
Low / QA | 10% | +1 point

* Pool shares are from the bounty pool portion of your tier share (50% of tier share).

* Missed basic bug = −10 reputation. Promotion: T4→T3 = 50 rep + 10 tasks, T3→T2 = 150 rep + 30 tasks, T2→T1 = 300 rep + 60 tasks.

* Submission stake: 3% of base fee per submission. Appeal stake: 5% of base fee.

Payout Estimator

Explain My Payout

Full-stack pool: $23,000 → Tier share: $5,750 → Base: $719 / Bounty: $2,875

Unique High Finding: 1
Valid Duplicates: 1
Cross-Scope Missed (Bounty + Slashed base fee): 0
Cross-Scope Not Missed (Score only, No Payout): 1

Base review fee: $719
1 accepted High finding: +$863
1 duplicate finding: +$0 (+15 Reputation Pts)
1 cross-scope not-missed bug: +$0 (+15 Reputation Pts)
Validation reward: +$250
Platform fee (5%): -$128
Expected Net Settlement: $2,423

* Cross-scope findings earn bounty plus the base fee of the missed percentage only when missed. Duplicates and non-missed cross-scope findings receive score increase only.

Auditor Onboarding & Routing Walkthrough.

Learn how public security findings and contest outcomes are ingested into verified Sea Warrior tiers, mapping your skills to active project allocations.

The Score Engine Pipeline.

Four stages that convert verified public security history into prioritized routing weight.

STAGE 01

Master Sync

Primary Hub & Handle Verification

Auditors submit their public handles. Sherlock acts as the primary hub, while mapped profiles from Code4rena, Immunefi, Cantina, Hats, and HackenProof are linked and de-duplicated. Ownership is verified through a unique bio challenge on the primary profile.

Sherlock
Code4rena
Immunefi
Cantina
HackenProof
STAGE 02

Telemetry Cleanup

Public History Collection & De-duplication

Once handles are verified, Proof of Audits collects public findings from connected platforms and removes duplicate records, mirrored reports, and repeated entries to preserve a clean, high-fidelity audit history.

Duplicates Removed

27.4%

STAGE 03

Skill Profiling

Manual Specialist Tagging

Verified findings are reviewed and tagged into protocol domains such as AMMs, lending, bridges, and RWAs, along with bug classes like reentrancy, access control, logic, and oracle manipulation. This is manually profiled for routing accuracy—not AI-only tagging.

DOMAINS: AMMs, Lending, Bridges, RWAs, ..
BUG CLASSES: Reentrancy, Access, Logic, Oracle, ..
STAGE 04

Tier Allocation

Formula-Driven Tiering

Severity mix, validation accuracy, and verified history flow into the scoring engine to compute the final routing score and assign the Sea Warrior Tier from T4 to T1. Tier safeguards help prevent volume gaming.

T1 Phantom Octopus
T2 Orca Warden
T3 Hammerhead
T4 Swordfish Scout
Proof of Audits Pipeline

Transparent. Verifiable. Routing you can trust.

Get routed to work that matches your skills.

Proof of Audits does not route audits only by leaderboard position. Routing considers your tier, verified specialties, protocol architecture, bug-class experience, availability, conflict-of-interest status, validation accuracy, and reliability history.

An auditor experienced in lending and oracle manipulation should receive lending and oracle-related scopes—not unrelated work simply because a slot is open.

Receive work that matches what you have proven you can review.

Waterfall Review Cycle

Engagements cascade from T4 function-level sweeps down to T1 whole-system signoffs. T0 acts as the ultimate verification layer.

T4: Function Review
T3: Contract Review
T2: Cross-Contract Review
T1: Whole-System Review
T0: Final Review & Validation

T4 Swordfish Scout

Function Review

Focused review of assigned functions, invariants, and first routed findings.

Precise reports with clear proof and scoped impact.

[Diagram: Contract with State, Functions, Modifiers, Events]
T3 Hammerhead

Contract Review

Contract-level review plus validation of T4 reports before escalation.

Strong contract reasoning, severity calls, and validation accuracy.

[Diagram: Active path across Contract A, Contract B, Router, Bridge, Oracle]
T2 Orca Warden

Cross-Contract Review

Integration paths, oracle and state dependencies, and validation of T3 reports.

TARGET ELIGIBILITY: Evidence across multiple contracts and connected exploit paths.

[Diagram: Governance, Incentives, Users, Protocol Core, Modules, Oracles, Integrations, Infrastructure]
T1 Phantom Octopus

Whole-System Review

System-level risk review across architecture, incentives, governance, and final escalation.

Broad judgment, mature severity calibration, and reliable handoff notes.

T0 Turtle Arbiter

Final Review and Validation

Appeals, missed-bug attribution, private-note validation, final report approval, and settlement evidence.

Independent closeout judgment. T0 is not a zero-engagement hunting role.

Your Score. Your Tier. Your Impact.

Your verified score, reliability, validated finding sample, and Proof of Audits-native history determine your computed auditor tier. T3 can be applied automatically when gates pass; T2 and T1 require review. T0 is a separate final-review appointment.

Built on Merit

Verified history only. Evidence, reliability, native findings, and reviewed promotions keep routing tied to proven performance.

How Your Score Determines Your Tier

T4: Entry

Swordfish Scout

Score: < 250 or gated

Reliability: < 60% / unknown

Build verified review evidence. Default entry and proof-building tier until sample-size, score, reliability, and review gates clear.

  • Routed function-level work
  • Submit focused findings
  • Build 5 validated findings
  • Eligible for T3 after gates pass
Foundation Phase

T3: Participate

Hammerhead

Score: 250 - 599

Reliability: >= 60%

Review contracts and validate focused findings. Contract-level review, structural fuzzing, and validation of T4 reports before escalation.

  • Submit contract findings
  • Validate T4 reports
  • Skill tags drive routing
  • Auto tier when gates pass
Growth Phase

T2: Validate

Orca Warden

Score: 600 - 1199

Reliability: >= 75%

Review cross-contract systems and exploit paths. Cross-contract and integration review, with validation responsibility for T3 escalations.

  • Validate findings from T3
  • Exploit-path review
  • Priority complex scopes
  • Requires admin approval
Expert Phase

T1: Lead

Phantom Octopus

Score: >= 1200

Reliability: >= 85%

Lead whole-system review and senior validation. Whole-system review across governance, MEV, economic design, and final escalations.

  • System-level validation
  • Mentor & verify auditors
  • Access to premium scopes
  • Requires 2 T1 vouches + admin
Leadership Phase

T0: Govern

Turtle Arbiter

Score: Appointment

Type: Final Review

Independent final-review appointment. Final review, appeals, report approval, missed-bug attribution, and settlement evidence.

  • Final report approval
  • Appeals and attribution
  • Settlement quality gate
  • Independent closeout authority
Governance Phase

What You Unlock At Higher Tiers

Higher Rewards

Better payout bands, priority fee allocations, and bonus pool distributions. Accepted routes show a base review fee by tier, with higher tiers carrying larger base allocations when scope and eligibility match.

Validation Powers

Validate downstream findings, construct exploit paths, and handle higher-tier escalations.

Priority Access

Get priority access where exact tier, skill tags, availability, and COI checks match.

Reputation Boost

Build verified on-chain credibility, reputation points, and global recognition.

Ecosystem Influence

Senior reviewers shape standards through validations, appeals, and final-report evidence.

Your Score Uses These Evidence Streams

Onboarding Import
Baseline

Verified public history establishes the starting score using accepted findings, severity, uniqueness, outcome, rank, difficulty, and recency.

Core Findings
Delta

At T0 closeout, confirmed findings apply severity x complexity deltas: Critical +160, High +90, Medium +35, Low +10.

Reliability
Gate

Reliability must be known and meet tier floors: T3 60%, T2 75%, T1 85%. Fewer than 5 validated findings stays T4.

Slashing Guard
Active

Invalid findings, copycats, wrong validations, denied appeals, and missed own-scope bugs reduce score at closeout.

External-only reputation can compute a strong score, but without Proof of Audits-native findings it is capped at T3; T2/T1 remain review-gated.
Next Milestones

Keep Improving

Your tier can grow as you grow. Keep participating in audits, sharpening your findings, and validating invariants to unlock the next levels of authority.

From public proof to routed work.

This is what auditors should expect before Proof of Audits sends work into a proof-backed engagement.

01

Create the auditor profile

Wallet session, contact details, and public audit handles.

  • Connect wallet
  • Add public handles
  • Submit candidate profile
02

Prove handle ownership

A bio challenge ties each public profile back to the applicant.

  • Generate code
  • Place it in profile bio
  • Verify ownership
03

Import verified history

Accepted findings, severity patterns, platforms, and contest evidence.

  • Read public history
  • Map accepted findings
  • Ignore unverified claims
04

Score and classify

Tier, skill tags, reliability signals, and validation baseline.

  • Classify T4 to T1
  • Attach skill tags
  • Lock evidence trail
05

Route by fit

Eligible work is based on exact tier, skill match, availability, and conflict checks.

  • Check tier slot
  • Match tags
  • Apply COI rules
06

Build live reputation

Accepted work, validation accuracy, closeout events, and reliability affect future routing.

  • Submit proof
  • Validate fairly
  • Improve routing signal

Keep the proof

Your work should keep creating opportunities after the payout is complete.

After closeout, verified work updates the auditor’s record. The Auditor Passport displays your accepted findings, severity distribution, validated specialties, reliability, validation accuracy, duplicate history, fix-verification work, completed audit scopes, tier, score, and eligibility for future routes.

Why Auditors Choose Proof of Audits

More predictable duplicate economics, clearer tier growth, and reputation evidence that follows verified work instead of staying trapped inside one contest page.

Duplicate Economics

Duplicates within your scope yield score increases only. For cross-scope reviews, you can earn a percentage of the bounty plus the base fee of the missed percentage only when the assigned auditor missed it.

Tiered Growth

T3 can apply automatically after score, reliability, and sample-size gates; T2 and T1 remain review-gated so authority is earned, not guessed.

Validation Work

Auditors can move from focused hunting into validation, escalation, and final-review adjacent work through the T4 to T1 cascade.

Proof You Keep

Verified work feeds Proof of Audits score state, public profile surfaces, and protocol trust evidence instead of staying as a platform-only contest result.

What Matters To You | Proof of Audits | Contest / Firm Baseline

Duplicate payout clarity

When multiple researchers find the same bug.

Duplicates yield score increases only. In other scopes, you earn a percentage of the bounty plus the base fee of the missed percentage only when the assigned auditor missed it.

Traditional platforms use exponential duplicate decay, while bug bounty duplicate treatment varies program-by-program.

Career progression

How work turns into higher authority.

T4 to T1 has explicit score, reliability, finding-sample, native-history, vouch, and review gates.

External rankings and reputation are platform-specific and usually do not become portable routing authority.

Validation responsibility

Who reviews downstream findings.

T3 validates T4, T2 validates T3, T1 handles system-level validation, and T0 closes report/appeal/settlement evidence.

Judging, triage, and mediation depend on the platform, client, contest judge, or private firm process.

Payout governance

How money moves after finality.

Payouts move after settlement lock, payout request, and KYC gates, with the 5% auditor-side fee stated in policy.

Payout terms, duplicate treatment, timing, and project involvement vary by contest, bounty, or firm contract.

Accountability

What happens when quality fails.

Invalid findings, copycats, wrong validations, denied appeals, and missed own-scope bugs reduce score at T0 closeout.

Competitor penalties are narrower: duplicate dilution, judge signal losses, or platform-specific lead rules.

Visibility

How your work is seen later.

Approved work can feed auditor profiles, leaderboards, trust passports, and protocol-facing proof surfaces.

Recognition normally stays inside that platform's leaderboard, contest page, report credit, or private firm brand.

Follow-on work

Beyond one finding submission.

Invariant, Sentinel, post-audit, validation, and final-review surfaces create more ways to prove skill when enabled.

Contest and bounty programs often end at judging, reward distribution, or a static report unless a separate engagement is bought.

Here, verified skill becomes routing power.

Source-backed comparison inputs: alternative duplicate decay models, program-specific duplicate treatments, and Proof of Audits tier/closeout policy.

  • Others: 0.85 decay
  • Others: 0.9 decay
  • Others: program rules
  • Others: first disclosure
  • Proof of Audits: score-only duplicates

Before You Accept a Route

Every rule that can affect your work, payment, score, and reputation—answered before you commit.

No hidden payout rules. No unexplained slashing. No silent score changes. Every engagement shows its scope, compensation, duplicate policy, accountability limits, judging process, and appeal window before acceptance.
Policy v1.0. Effective 21 Jun 2026.

1. Your base fee

Paid for completed review work

Your base fee does not depend on finding a Critical or High-severity issue. It is earned by completing the accepted scope and submitting an original, policy-compliant review on time.

2. Your duplicate protection

Independent work still receives recognition

Proof of Audits identifies duplicates by root cause, affected mechanism, exploit result, and recommended remediation—not merely by similar titles.

3. Your maximum downside

Slashing is limited and reviewable

A missed bug cannot create an unlimited negative balance. Any deduction must pass the published attribution test, remain within the route’s maximum slashing cap, and survive the appeal window.

4. Your right to challenge

Every material decision includes reasons

Invalidity, duplicate classification, severity, slashing, and score changes include written reasons and an evidence trail. Auditors can appeal during the published review period.


From Submission to Settlement

Know what happens after you submit.

01

Submission

You submit your report before the deadline.

02

Initial Validation

Assigned validator reviews within 48–72 hours.

03

Duplicate Grouping

Findings are grouped and scored.

04

Preliminary Judgment

You receive results with reasons.

05

Appeal Window

48 hours to appeal any decision.

06

Final Judgment

T0 reviewer confirms final decisions.

07

Settlement

Payout is processed after all checks.

Ready to get routed to the right audits?

Join Proof of Audits and turn your verified skills into real impact and rewards.

Proof of Audits

Proof of Audits helps Web3 protocols turn security work into investor-ready trust proof.

© 2026 PROOF_OF_AUDITS