The Client bears the cost of the audit, referred to as the reward pool, and the Host organizes the structure of the reward pool. The reward pool structure is dynamically designed to incentivize the auditors and adequately maximize the quality of audits. The Host is assumed to charge a fixed fee in addition to the reward pool.

• Lead Auditor: The lead auditor is greatly incentivized with a fixed guaranteed percentage ($P_L$%) of the reward pool. It is recommended that $20 \leq P_L < 50$.

• Bug Bounty: A fixed percentage ($P_B$%) of the reward pool is reserved for the bug bounty and is used to incentivize the public to identify vulnerabilities in the protocol AFTER the mitigation of findings from the first phase. It is recommended that $P_L \leq P_B < 50$. The bug bounty pool is distributed to the lead auditor if no vulnerabilities are found during the bug bounty phase.

• Dynamic Pool: A fixed percentage ($P_D$) of the reward pool is reserved as a dynamic pool. This pool will be rewarded to the lead auditor or the bounty hunters based on the lead auditor's performance. It is recommended that $P_D = 50 - P_L$.

• Selective Competition Pool: A fixed percentage ($P_C$) of the reward pool is reserved for the selective competition pool and is used to incentivize the contestants to identify vulnerabilities in the protocol AFTER mitigating findings from the second phase. It is recommended that $10 \leq P_C \leq 15$. As this phase allows for LOW risks, this pool will likely always be distributed to the contestants.

• Judge: The judge is involved in all phases and incentivized by the reward pool's fixed guaranteed percentage ($P_J$). It is recommended that $5 \leq P_J \leq 15$.

Default Pool Structure

The default pool structure is assumed to be $P_L=30, P_B=30, P_D=20, P_C=10, P_J=10$.