🔶Finding Status

Below you can find a list with all the finding statuses used during a competition.

Finding StatusExplanation


Once a finding is submitted by the security researcher, it will be labelled as new by default.


On the occasion where the competition client disagrees with the judging decision of a finding, they would change the status of the finding to disputed while providing reasoning to the change.


Upon review, if the finding does not fit the criteria within the competitive scoring schema, the judge will list the finding as rejected.


A finding is marked as duplicate when it's the same issue reported by someone else. Duplicates are rewarded as well.

Potentially Duplicate

Similar functionality to Duplicate.


When the finding is valid, it will be labelled as confirmed and be awarded based on the competition prize pool.


After a finding is confirmed by the judge, the competition sponsor will have to acknowledge and double confirm the issue.


The sponsor after acknowledging issues can apply fixes to the code. This label is used for bookkeeping of issues already fixed.


When a finding is marked as spam, it typically refers to the issue reported being irrelevant, low-quality, automated and inappropriate. Both the judge and the sponsor can mark this status for findings.


If the researcher submits an issue and decides to withdraw it for any reason, the finding will be labelled as "Withdrawn".

Last updated