# How Cantina Audits Work

> A complete guide to how Cantina security audits work — from scoping and researcher matching through findings, remediation, and the final report.

**Cantina security audits** are structured, expert-led reviews of your
codebase conducted by vetted security researchers from the Spearbit network.

## Audit Formats

| Format                | Best For                             | How It Works                                                                                                             |
| --------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ |
| **Competitive Audit** | Maximum coverage                     | Multiple independent researchers audit simultaneously; findings ranked by severity and rewarded from a shared prize pool |
| **Private Audit**     | Sensitive codebases, tight timelines | Dedicated team of matched researchers works exclusively on your code                                                     |

## The Audit Process

### Step 1 — Scoping

Define code in scope, nLoC, format, and timeline. [Start here](https://cantina.xyz/security-reviews).

### Step 2 — Researcher Matching

Cantina matches researchers to your stack (Solidity, Rust, Go, Python, Web2 frameworks).

### Step 3 — Review Period

Researchers audit via Cantina Code, submitting findings with write-ups and PoCs.

### Step 4 — Judging

Findings are classified by severity and deduplicated; researchers may escalate disputes.

### Step 5 — Remediation

Your team fixes findings and marks them Fixed, Acknowledged, or Disputed in Cantina Code.

### Step 6 — Final Report

You receive a signed report: executive summary, all findings by severity, and researcher attestations.

## Severity Levels

| Severity          | Description                        | Example                    |
| ----------------- | ---------------------------------- | -------------------------- |
| **Critical**      | Immediate risk of fund loss        | Unchecked reentrancy       |
| **High**          | Significant impact with conditions | Access control bypass      |
| **Medium**        | Moderate impact                    | Incorrect accounting logic |
| **Low**           | Minor / best-practice violations   | Unlocked pragma            |
| **Informational** | No security impact                 | Gas optimization           |

## Frequently Asked Questions

### What is the difference between a competitive and private audit?

A competitive audit opens your codebase to multiple independent researchers simultaneously for maximum coverage. A private audit assigns a dedicated, curated team — better for sensitive code or tight confidentiality requirements.

### How long does a Cantina audit take?

Most competitive audits run 1–4 weeks. Private audits can be scoped shorter. Judging and report delivery add 1–2 weeks post-review.

### How much does a Cantina audit cost?

Pricing depends on codebase size, format, and timeline. [Contact Cantina](https://cantina.xyz/security-reviews) for a scoping estimate.

### What deliverables does my organization receive?

A final audit report with all findings by severity, recommended remediations, and researcher attestations.

### Can we request a re-review after fixing findings?

Yes, for private audit engagements. Reach out to [support@cantina.xyz](mailto:support@cantina.xyz).

## Ready to Start?

[**Request an Audit →**](https://cantina.xyz/security-reviews)

***

> **Maintained by the Cantina Security Team** · Last reviewed: March 2026 · [support@cantina.xyz](mailto:support@cantina.xyz)
