Findings Submission

Last updated 3 months ago

Finding Submission Process

There are two ways to start the finding submission process: by highlighting code during a Code Review, or by clicking the "New Finding" button in the top right corner of the Findings section.

To submit a finding, fill in the following fields; those marked optional may be left blank.

  • Severity: The extent of the damage or consequences if the issue were to be exploited. This metric is a product of other factors such as Likelihood and Impact; it helps in understanding how critical the vulnerability is and in determining the urgency of remediation efforts. Severity levels often range from Critical (causing severe damage, such as loss of funds, denial of service, or system failures) to Low (resulting in minimal impact with no severe consequences).

  • Likelihood (optional): The probability of this vulnerability being exploited or triggered.

  • Impact (optional): Potential consequences if this were to be exploited or triggered.

  • Title: A concise label or headline for the finding. The title should be informative and quickly convey the essence of the vulnerability, making it easy for anyone to understand the nature of the issue at a glance.

  • Description: A detailed explanation that must clearly describe the existence of a problem, its cause, and its consequences, using any available means to communicate the point, such as tests, proofs of concept, or Diagrams & Formulas.

    • Select template: Standard templates providing a structured writing format.

You can Add code to existing finding if it does not contain a highlighted area of code.

When the finding is submitted, it will be displayed in the Findings section of the interface.
