Shadow Arena

Audit Real Protocols. Find Real Bugs.

Review actual DeFi protocols that went through public security contests. Submit findings, get scored against known vulnerabilities, and learn what you missed.

1. Start Your Audit

Choose a protocol, read the docs, and begin your 7-day individual timer. Review the codebase and hunt for vulnerabilities.

2. Submit Findings

Report vulnerabilities one by one using structured templates. Include severity, affected code, impact, and your recommended fix.

3. Learn from Results

After your timer expires, see how your findings compare to actual contest results. Learn what you missed and why.

Scoring

Earn Points (True Positives)

Critical+100

High+75

Medium+50

Low+20

Informational+5

Same root cause counts as one finding. Duplicates score 0.

False Positive Penalties (Progressive)

FP #1 to #3Free. You're learning.

FP #4 to #6Mild penalty.

-5

FP #7 to #10Getting costly.

-15

FP #11+Heavy. Stop spraying.

-50

A few wrong guesses are fine. Spamming findings to game the system is not.

Has your protocol been audited?

Get a free community re-audit of the same commit hash your auditors reviewed. Hundreds of builders will review your codebase as part of their learning, and you get fresh eyes on your protocol at zero cost. All you need to do is share your code for educational use.

Message me on Telegram

Available Shadow Audits

DEX/AMMIntermediate

Shadow Arena #001: Basin

Composable DEX with ConstantProduct2 (x * y = k). 10 files, 1,145 SLOC. Find the 14 vulnerabilities discovered in a $40k public contest.

14 findings7 daysPublic leaderboard

Prepare with the Build Module

Complete the Uniswap V2 Build module first for maximum context. You will understand the codebase deeply because you built it, making the shadow audit a natural next step.

Start Building