Luna Tong

Code4rena will run audit contests for free

Why we'll be running audit competitions for free going forwards

For the foreseeable future, Code4rena will run all of its audit competitions for zero platform fee. The original reason we acquired Code4rena was so that we could deliver better security for our customers. Now, we’re committed to helping raise the bar for the entire crypto industry.

The economics of competition platforms like Code4rena make more sense as a public good rather than a rent-seeking business. At a basic level, contest platforms are simple pieces of software. They are essentially undifferentiated CRUD apps. Think about it: what functionality do you really need to run a contest? Submit report, view reports, assign severity, etc. It doesn’t take that much to build and maintain these; the value comes from the community. But despite being commodities, competition platforms are still priced as differentiated products, limiting access for the smaller teams who still want to prioritize security.

Meanwhile, everyone deserves to have competitions. Competitions are an essential component in a multi-layered security strategy. Compared to audits alone, they offer a more realistic simulation of real-world conditions on-chain, where thousands of white (and black) hats are ready to hack a protocol. And unlike bug bounties, they’re time- and cost-bounded, which makes them much more attractive and practical for teams trying to ship fast. That’s why we always recommend an audit competition paired with a traditional audit, or Audits+.

Ever since we invented the format in 2021, Code4rena has been the competition platform with the largest auditor pool (10,000+ registered). We’ve always believed that builders should have open access to the best security talent, and just as importantly, that auditors should have broad opportunities to work with great projects. That’s also why we’re intentional about keeping the platform affordable. High platform fees add friction for both sides. We’d rather focus on helping more builders access top-notch security, and helping more auditors get paid for great work.

That’s why we’ll be doing all of our contests for zero platform fees, indefinitely.

What do you mean by “free”?

Great question. We mean “free” as in no platform fees (also known as “marketplace” fees). For more detail, let’s break down the economics of a typical audit contest.

Currently, our standard model is a 96% conditional pool and a judging fee. The 96% conditional pool is refunded if no High or Medium issues are found. This means that you pay very little if the contest does not find an actionable bug that requires fixing. The prize pool goes entirely to auditors.

The other 4% is reserved for a QA pool, which is paid to the top 3 QA reports. These reports encompass all “Quality Assurance” or informational issues: minor gas optimizations, nitpicks, and improvement suggestions about the code. Most of our customers find these QA reports to be valuable, so we include this along with the 96% High/Medium pool. This also goes entirely to auditors.

The judging fee goes to the competition’s judge. Judges are independent auditors who triage and assess the reported bugs’ validity and severity. There are often hundreds or even thousands of submitted reports to triage. This is a tedious (and thankless) job that our clients don’t want to do. Judges are personally vetted and KYC’ed by the Code4rena team, but they aren’t our employees. In other words, the judging fee doesn’t go to us.

Of course, we’re able to tailor this model for individual customers. For example, some clients prefer no QA pool because they don’t need QA reports. Some clients want a tiered conditional pool (partial refund if no Highs found, and full refund if no Highs OR Mediums found). Some want an unconditional pool, which was a popular contest setup circa 2022.

But how will you make money?

Zellic is a profitable business. We make money doing traditional private audits for our clients through Zellic and Zenith. We benefit from making Code4rena a public good in two ways. First, our clients are more secure after they run contests, which benefits Zellic (we care about our track record). Second, Code4rena is an important talent pipeline for Zenith. Think about it this way: we’re making Code4rena a public good, similar to Cloudflare’s generous free tier, or Google giving users Gmail, Google Docs, and so on.

Our ability to offer this for free will of course depend on Code4rena’s capacity and ability to service competitions at scale. If there turns out to be a huge influx of demand, we might have to adjust this policy. For the time being, we’re happy to offer contests for free.

Will you stop investing in Code4rena?

Absolutely not. Since we acquired Code4rena, we’ve continued to invest in the platform and the community. In the past few months alone, we’ve shipped several key features that we think are essential for a competitive audit platform. These include In-App Judging, the option to enable mandatory POCs, Live Judging, and a sponsor UI overhaul. Beyond that, we have several features planned that are already under development, which we’ll be shipping over the next few weeks.

In general, Code4rena is an important part of pre-launch security for any project—including our clients. In the same way that we care about our clients’ experience in our private audits, we want them to have an excellent experience with us in our audit competitions as well. We have a vested interest in the continued development and long-term growth of the platform. That’s why Code4rena has a dedicated engineering and product team that will continue to maintain and improve the platform.

Conclusion

Code4rena does audit contests. Audit contest platforms should exist to serve the ecosystem, not to extract from it. You can run an audit contest for free on Code4rena. We’d be happy to help. You can reach out to us here.