Smart Contract Audit Competitions & Bug Bounty Platforms

3 Active contests
$154,200$154K Active prize pool
505 Bug bounties
6 Platforms

Last updated Jul 08, 2026 · 17:10 UTC

Showing 21–40 of 426

3 audit contests423 bug bounty programs

Protocol Source Prize Window Link
NEAR Intents: Bridges
Rust Solidity dexbridgewallet
Hackenproof Active
$300K max Ongoing View
Multipli Smart Contracts
Solidity defiinfrastructurestaking
Hackenproof Active
$10K max Ongoing View
Multipli Web
stakingweb
Hackenproof Active
$2K max Ongoing View
NEAR Intents: SDK
bridgedexwallet
Hackenproof Active
$20K max Ongoing View
Citrea Protocol & Smart Contracts
Rust Solidity l1/l2smart contractblockchain
Hackenproof Active
$250K max Ongoing View
Citrea Web & Apps
bridgeinfrastructureweb
Hackenproof Active
$25K max Ongoing View
Monday Trade Web
dexwebapps
Hackenproof Active
$3K max Ongoing View
Solv Smart Contracts
Rust defismart contract
Hackenproof Active
$50K max Ongoing View
Whitechain Bridge
Solidity bridgesmart contract
Hackenproof Active
$10K max Ongoing View
Solv Web & Infrastructure
defidappweb
Hackenproof Active
$20K max Ongoing View
ADI Foundation zkVM Verification
Rust Solidity infrastructurel1/l2blockchain
Hackenproof Active
$10K max Ongoing View
FlowX CLMM Smart Contracts
Move sui ecosystemdexdefi
Hackenproof Active
$5K max Ongoing View
Volo Web
defisui ecosystemweb
Hackenproof Active
$5K max Ongoing View
Volo Smart Contracts
Move stakingdefisui ecosystem
Hackenproof Active
$150K max Ongoing View
NAVI Protocol Web
infrastructuresui ecosystemweb
Hackenproof Active
$10K max Ongoing View
NAVI Protocol
Move lendingsui ecosystemsmart contract
Hackenproof Active
$300K max Ongoing View
Momentum Smart Contracts
Move stakingsui ecosystemsmart contract
Hackenproof Active
$200K max Ongoing View
Ember Vaults Smart Contracts
Move defisui ecosystemsmart contract
Hackenproof Active
$15K max Ongoing View
Turbos Finance Smart Contracts
Move defidexsui ecosystem
Hackenproof Active
$15K max Ongoing View
LayerZero
Solidity arbitrumastar zkevmaurora
Immunefi Active
$15.0M max Ongoing View
Loading timeline...
Hackenproof Active

Citrea Protocol & Smart Contracts

$250K Max bounty
Ongoing program
View on Hackenproof
Hackenproof Active

ADI Foundation zkVM Verification

$10K Max bounty
Ongoing program
View on Hackenproof

Smart Contract Audit Competition & Bug Bounty Platforms Compared

Six major platforms host the Web3 audit competitions and smart contract bug bounty programs aggregated above. Click any platform to see only its active contests.

Comparison of the major smart contract audit competition and bug bounty platforms.
Platform Type Typical Prize Contest Length Best For
Code4rena Audit contests $50K to $500K 3 to 14 days DeFi protocols pre-launch
Sherlock Contests + bounties $50K to $300K 7 to 30 days Insurance-backed audits
CodeHawks Audit contests + First Flights $5K to $200K 3 to 21 days Newer auditors building a track record
Cantina Mega-comps + bounties $200K to $2M+ 14 to 30 days Experienced researchers, high-value protocols
Immunefi Ongoing bug bounties Up to $15M per critical Ongoing Production protocol vulnerability hunting
HackenProof Bounties + crowdsourced audits $1K to $1M+ Ongoing or time-boxed Managed Web3 programs and exchange/protocol bounties

Frequently Asked Questions

What are the best smart contract bug bounty platforms?

The leading Web3 bug bounty platforms are Immunefi (largest, $15M max payouts on DeFi protocols), Cantina (Spearbit's bounty program plus audit competitions), HackenProof (managed Web3 bounties and crowdsourced audits), Sherlock (audit contests with insurance-backed bounties), and Code4rena (best known for time-boxed audit competitions). Codehawks rounds out the field with Cyfrin-run contests focused on emerging protocols and beginner-friendly First Flights.

Which audit competition platform pays the most?

Cantina runs the largest audit competitions ($2M+ prize pools for protocols like EigenLayer and Uniswap v4). Immunefi pays the highest per-bug bounty (up to $15M for critical findings). Code4rena and Sherlock typically run $100K-$500K audit contests. Codehawks First Flights are smaller but accessible to newer auditors.

How do smart contract audit competitions work?

Audit competitions invite security researchers to review a protocol's smart contract code for a fixed prize pool over 1-4 weeks. Rewards are split based on unique valid findings, weighted by severity (critical, high, medium). Code4rena, Sherlock, Codehawks, and Cantina are the main platforms.

How much can you earn in a smart contract audit competition?

Top auditors earn $10,000-$500,000+ per competition. Cantina and Code4rena regularly run $500K-$2M prize pool contests. Bug bounties can pay up to $15M per critical finding on platforms like Immunefi.

What is the difference between a bug bounty and an audit contest?

Audit contests run for a fixed time window with a fixed prize pool shared among all valid findings. Bug bounties are ongoing programs where each valid submission earns a direct per-vulnerability reward (often $50K-$15M depending on severity). Bug bounties require finding a real vulnerability in production code.

How do I get started with smart contract auditing?

Learn the most common vulnerability classes first: reentrancy, flash loan attacks, oracle manipulation, and access control. The SCH Smart Contract Hacking Course covers all the core attack patterns that audit competitions test, starting from zero experience.

How to Start Competing in Smart Contract Audits

A practical path from learning vulnerability classes to submitting your first contest finding.

  1. Learn the core vulnerability classes

    Master reentrancy, access control, oracle manipulation, flash loan attacks, and arithmetic overflows. These five classes account for most contest findings.

  2. Practice on retired contests

    Read every public report from past Code4rena and Sherlock contests. Try to spot findings yourself before reading the writeup. This is how every top auditor trained.

  3. Start with CodeHawks First Flights

    First Flights are small audit contests designed for newer auditors. Prize pools are under $20K, scope is small, and competition is lighter. They build real submission history.

  4. Enter your first full competition

    Pick an active audit contest from the tracker above filtered by Solidity and a $50K-$200K prize range. Spend 20 to 40 hours on the contest, even if you only find one valid medium-severity issue.

  5. Build a public track record

    Publish your findings, share writeups on Twitter and Mirror, and start accumulating valid submissions across multiple platforms. A documented track record is what opens bug bounty access and full-time auditor roles.