Public security competition works the following way: a prize-pot of funds will be available to be shared among participants who score points. A high severity submission is worth 10 points and a medium severity submission is worth 3 points.
In case when two different members submit duplicate findings, the number of points that each person will be scaled down. The scaling formula is
is the total number of duplicated findings. For example, if there were duplicated findings for a high severity bugs, instead of getting 10 points each, each would be awarded 4.5 points. In case of 3 duplicates, each person gets 2.7 points.
The scoring mechanism incentivizes unique findings, so finding the one bug that everyone missed can help you get a large payout.
Does it matter who submitted the finding first? No, every finding is scored the same regardless of when it was submitted during the contest duration. We highly encourage you to spend time writing great findings. We also encourage submitting it as soon as you have a great write-up. This way, the team can often leave feedback on the finding and plan for fixes. We particularly want to discourage people who submit findings at the last moment.
Can I withdraw findings that I submitted? Yes, you can withdraw findings by going to the finding context menu and clicking 'withdraw finding'.
How are low-severity / informational / gas-optimization scored and judged? Some competitions may have a pool reserved for low-severity, informational and gas-optimization. This would be explicitly mentioned in the competition specific page, and these prizes are awarded for the top findings. Note: only quality of the findings are considered, not quantity. Excellent writeups for high and medium severity findings can also get awards from this separate pot.