Summary: CodeHawks is Cyfrin’s contest-and-judging surface, not a category anchor on its own. The useful part is the explicit operating model: sponsors fund a time-boxed competition, Hawks submit findings, judges split into community and lead phases, and payout formulas punish duplicate crowding instead of pretending crowd review settles itself.
What it does:
Runs public and private competitive smart-contract audits where security researchers compete to find vulnerabilities in scoped codebases
Splits the contest process into explicit phases including announcement, kickoff, time-bound auditing, community judging, lead judging, appeals, and reward distribution
Uses a three-sided operating model of sponsors, Hawks (auditors), and judges, with judges responsible for validating, deduplicating, and ranking submissions
Pays researchers from funded prize pools using severity-weighted share formulas, with high-risk findings weighted above medium findings and duplicate counts reducing each finding’s payout share
Provides a beginner funnel through First Flights, which makes researcher education and laddering part of the platform design rather than a separate community sidecar
Sits inside a broader Cyfrin security-and-education stack that also includes audits, training, public reports, and tooling, which matters because discovery, training, and auditor supply are partly integrated rather than fully open-market
Key claims:
The docs describe CodeHawks as a competitive smart-contract audit marketplace powered by Cyfrin, with both public competitive audits and private competitive audits available to sponsors
The intro docs explicitly define the three core roles as sponsors, judges, and Hawks, which makes role separation a first-class part of the platform rather than an implied back-office workflow
The competition docs break the process into announcement, kickoff, auditing, community judging plus lead judging, appeals, and rewards, showing that judging and dispute windows are part of the productized control plane
The judging docs say community judging and lead judging are separate phases, with eligible community judges submitting assessments through the portal before a lead judge finalizes outcomes
The payouts docs publish concrete reward formulas: medium-risk shares are 1 * (0.9^(findingCount - 1)) / findingCount, while high-risk shares are 5 * (0.9^(findingCount - 1)) / findingCount, which means duplicate crowding reduces per-finding value and severity weighting is encoded directly into reward allocation
The payouts docs also make duplicate handling explicit by defining duplicates around shared root cause rather than submitted severity labels alone
The Cyfrin docs present First Flights as beginner-friendly competitions, which means CodeHawks is not only a finding market but also a researcher-onboarding and skills-distribution surface
The Cyfrin GitHub organization shows CodeHawks living beside Cyfrin audit reports, education, and security tools, which is useful because platform power may partly sit in the integrated pipeline that trains, attracts, and routes auditors rather than in the contest UI alone
Whitepaper: No canonical CodeHawks whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official docs for the intro, competition lifecycle, judging process, payout formulas, and Cyfrin overview, saved in ../whitepapers/codehawks-primary-sources-2026-05-15.md.