Skip to main content
Sign in Menu

KYC Process for Audit Competitions

  • Updated

KYC Process for Security Researchers After an Audit Competition/Attackathon

For Audit Competitions, Invite-Only Programs, or Attackathons, KYC is only required if explicitly stated by the program. If no such requirement is specified, there is no need to undergo this process.

If KYC is required, it occurs during the evaluation phase, which is after the competition ends but before rewards are calculated and distributed. At this stage, you’ll receive a comment on your confirmed report containing a link to our KYC provider, Onfido, where you can submit your documents.

 

What You Need for KYC

To successfully complete the KYC process, you must provide BOTH:

  1. A government-issued photo ID
  2. Proof of address, which can be from:
    • A utility bill (e.g., electricity, water, gas, internet, phone).
    • A bank statement.

Important:

  • When uploading your proof of address, please only submit the page from the bank statement or utility bill that has your address listed and a recent date (last 6 months). Multipage documents are unnecessary and may delay processing.
  • Ensure all submitted images are clear and free from distortions or artifacts. Suspicious submissions will result in automatic rejection.
  • An ID that has your address listed can qualify as government-issued photo ID but does NOT qualify as proof of address. 

On Onfido, if your country is not listed as valid for Proof of Address (PoA), submit an alternative country [i.e. Singapore*]. Please refer to Onfido's Proof of Address Guide to understand which country to select based on the PoA you want to submit.

Additionally, when completing KYC via Onfido, you must use the same email address linked to your Immunefi account. This ensures we can accurately associate your KYC submission with your account.

 

What Happens After KYC Submission?

If your KYC submission is approved, you will receive a follow-up message via the same bug report where you received the KYC submission link. This message will confirm that your KYC has been successfully completed.

Note: No confirmation will be sent directly from Onfido.

Once the program is ready to process payments, an announcement will be made on the designated Immunefi Discord channel for that program. You will need to wait for this announcement to know when payments and rewards will be distributed.

 

Important Notes on KYC

Country Restrictions:

Check our Terms of Use to confirm your eligibility.

Eligibility Criteria:

  • Under 18? Unfortunately, you cannot pass KYC, and your participation will not result in a reward.

Forfeiture of Rewards:

If your KYC submission is rejected, your rewards will be forfeited, and the payout will be recorded as $0.

KYC Process for Security Researchers Invited to an IOP (Invite-Only Program)

For Invite-Only Programs (IOPs), KYC is conducted before the competition begins, unlike standard Audit Competitions or Attackathons where KYC typically happens after confirmed reports. This ensures all participants are pre-verified ahead of the program's start.

If you are invited to participate in an IOP, you will likely receive the KYC submission link via email or a direct message on Discord from an Immunefi team member. Since there are no confirmed reports yet, this method ensures you are verified and eligible to participate before the competition begins.

 

KYC FAQ

When I try to provide proof of address, my country isn’t listed. What should I do? 

A: enter an alternative country e.g. Singapore (Please refer to Onfido's Proof of Address Guide to understand which country to select based on the PoA you want to submit.

My KYC was rejected. What happens now? 

A: If you were doing KYC to join an IOP, you are no longer eligible to join that IOP. If you were doing KYC to receive rewards from an Audit Competition or Attackathon, you are no longer eligible to receive those rewards. They will be redistributed to other participants. 

What happens if I’m late in providing KYC? 

A: If you are slow in providing KYC beyond a reasonable timeframe, Immunefi will provide you a deadline before which you must pass KYC. If you miss this deadline, you will be considered as not having passed KYC, and your rewards will be forfeit. 

Do I have to do KYC multiple times in an Audit Competition if I have multiple reports? 

A: No, you only have to do KYC once per Audit Competition. 

Do I have to go through KYC again if I already went through KYC for another project? 

A: Yes, you must undergo KYC again for each program that requires it. 

Related articles

Comments

0 comments

Article is closed for comments.