Skip to main content
Sign in Menu

Audit Project Material Guidelines

  • Updated

Overview

The Immunefi audit process is designed to empower Security Researchers (SRs) to focus on high-quality security analysis while Immunefi manages logistics, coordination, and reporting. 

The process is fully managed by Immunefi, ensuring transparency, accountability, and a smooth experience across all participants.

  • Immunefi selects SRs from its vetted pool based on technical match and availability.
  • A dedicated GitHub audit repository is created by Immunefi, with structured templates and issue tracking.
  • SRs submit findings as GitHub issues using Immunefi’s pre-defined structure and labeling.
  • Immunefi coordinates the process end-to-end: scope alignment, communication, triage, report curation, and fix review.

Phase 1: Pre-Audit - Set Up for Success

This initial phase aligns all participants and provides access to required materials.

  • Confirm your availability for the full duration of the audit
  • Provide your GitHub handle to receive repository access
  • Join the designated communication channels (Telegram/Discord)
  • Review the provided project documentation, asset scope, and repository structure
  • Participate in the Kick-off Call to:
    • Introduce your background and audit focus
    • Ask clarifying questions about the architecture, logic, or protocol intent
    • Confirm expectations and timelines

Phase 2: Audit Execution - Audit Effectively

During this phase, SRs perform the security review and submit all issues in the shared repository.

  • Conduct a thorough analysis of the scoped codebase
  • Submit findings in the Audit GitHub repository following the instructions and labelling conventions outlined in the GitHub repository README
  • Maintain timely and professional communication:
    • Ask questions early
    • Respond promptly to project comments or clarifications
    • Do not disclose findings until Immunefi confirms approval from the Client.
  • Respect Immunefi’s rules at all times.

Phase 3: Closure – Wrap Up Professionally

In the final phase, we finalize the report and verify issue resolution.

  • Submit all findings by the Audit End Date
  • Attend the Final Readout Call with Immunefi and the Client to:
    • Clarify any remaining questions
    • Share overall impressions or final recommendations
  • If requested, conduct a fix review (up to 1 working day) to:
    • Validate submitted fixes
    • Update issue status (e.g., “Fixed” or “Requires Change”)
  • Immunefi will curate the final audit report. Ensure your GitHub issues are:
    • Professionally written
    • Accurate, complete, and well-structured

Related articles

Comments

0 comments

Article is closed for comments.