# Reporting Findings

## Introduction

After registering as a researcher on the platform, you will gain access to available competitions and can begin reporting your first vulnerabilities.

## Competition Types

At Bypassec, we offer two types of tournaments:

* <mark style="color:green;">**Public**</mark>: Accessible to all researchers.
* <mark style="color:purple;">**Private**</mark>: Restricted to high-performing researchers selected by Bypassec.

To view available competitions, access the "**Competitions**" tab within the platform.

<figure><img src="/files/0BRnLD1WnrQgPm6lrAhx" alt=""><figcaption></figcaption></figure>

Each competition has its own testing policy and scope, which can be viewed by clicking on the competition.

{% hint style="warning" %}
It is **strictly prohibited** to conduct tests on assets that are not explicitly defined in the scope section, as described in the Terms and Conditions of the platform.
{% endhint %}

## Reporting Vulnerabilities

To report a vulnerability, fill in all available fields and describe the exploitation process in detail.

<figure><img src="/files/KHVWlUkS7i25VK5x3iQo" alt=""><figcaption></figcaption></figure>

Once you have reported a vulnerability, you can track its progress in the "Dashboard" tab.

<figure><img src="/files/zuzPtQWOxuVpZg0vo3Qv" alt=""><figcaption></figcaption></figure>

## Report Validation

When vulnerabilities are reported, they undergo a validation process by the Bypassec team before their status is updated.

Incomplete reports or those lacking a clear description and reproduction steps will be automatically invalidated and will not be eligible for a reward. Similarly, vulnerabilities that do not demonstrate a relevant impact on the organization will be considered invalid.

{% hint style="info" %}
Reports are validated only after the tournament has concluded.
{% endhint %}

The available statuses are:

* <mark style="color:blue;">**Pending:**</mark> The vulnerability has been reported and will be validated by Bypassec at the end of the competition.
* <mark style="color:purple;">**Duplicate:**</mark> The vulnerability is valid and has also been reported by other researchers.
* <mark style="color:green;">**Valid:**</mark> The vulnerability is valid and unique.
* <mark style="color:red;">**Invalid:**</mark> The vulnerability is invalid and will not be eligible for rewards.

{% hint style="warning" %}
During the validation process, Bypassec may contact the researcher via email or Discord if the report requires additional information. The researcher will have **48 hours** to respond before the vulnerability is invalidated.
{% endhint %}

## File Uploads

All evidence regarding the reported vulnerability must be submitted through the platform's native upload feature.

{% hint style="danger" %}
It is **strictly prohibited** to store or submit evidence using applications that make them publicly available without any protection or credentials.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bypassec.com/the-platform/researchers/reporting-findings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.