Security: Audits & Bug Bounty
Security is a foundational principle at Zybra Finance. We are committed to ensuring the highest standards of security for our protocol through rigorous audits, continuous monitoring, and an active bug
Smart Contract Audits
Completed Audits
Our protocol's core contracts have undergone comprehensive security audits by industry-leading firms:
Certik
Status: Coming soon
Scope: All core protocol contracts including ZybraVault, ZRUSD, and ZFI token
Focus: Economic vulnerabilities, reentrancy, access control, logical flaws
Quantstamp
Status: Coming soon
Scope: RWA integration contracts for both Centrifuge and Swarm implementations
Focus: Oracle manipulation, liquidation mechanisms, economic risk analysis
Code4rena
Status: Coming soon
Scope: Comprehensive contest covering all protocol contracts
Focus: Community-driven identification of security issues and optimizations
Automated Security Tools
In addition to manual audits, we employ industry-standard automated security analysis tools:
Slither: Static analysis framework for vulnerability detection
Mythril: Symbolic execution for security vulnerabilities
Echidna: Fuzzing and property-based testing
Manticore: Symbolic execution tool for smart contract security
Scribble: Runtime verification through property-based testing
Bug Bounty Program
Overview
Our bug bounty program rewards security researchers who identify and responsibly disclose potential vulnerabilities in the Zybra Finance protocol. The program will be hosted on Immunefi, the leading bug bounty platform for Web3.
Immunefi Program
Our official bug bounty program will be available on Immunefi:
Status: Coming soon
Platform: Immunefi
Program Link: Coming soon
Immunefi provides a secure platform for vulnerability reporting with standardized severity classifications and a transparent reward process.
Rewards
Critical: Issues that enable theft of funds, permanent freezing of funds, or other severe impact. Reward: Coming soon
High: Issues that could lead to loss of funds under specific conditions or compromise core protocol functionality. Reward: Coming soon
Medium: Issues that could disrupt protocol operations without direct risk to user funds. Reward: Coming soon
Low: Functional issues with minimal security impact. Reward: Coming soon
Scope
The following contracts are in scope for our bug bounty program:
ZybraVault.sol (Centrifuge-based implementation)
ZybraVault.sol (Swarm-based implementation)
ZRUSD.sol
ZFI.sol
Configurator.sol
All related libraries and interfaces
Submission Process
To submit a vulnerability report:
Prepare a detailed report with reproducible steps
Include potential impact assessment
Submit through our secure reporting channel (coming soon)
Our security team will acknowledge receipt within 24 hours
The vulnerability will be evaluated and assigned a severity
The bounty will be paid after successful validation and fix implementation
Responsible Disclosure
We follow responsible disclosure principles:
Please allow us reasonable time to address confirmed vulnerabilities
Public disclosure only after patches are deployed
Coordination on disclosure timing to protect users
Security Best Practices
Our development process incorporates security at every stage:
Comprehensive test coverage with unit and integration tests
Formal verification for critical contract components
Strict access control and privilege separation
Input validation and parameter bounds checking
Gas optimization without compromising security
Regular security training for all developers
Security Contacts
For security-related inquiries or to report vulnerabilities:
Email: security@zybra.finance (coming soon)
Secure reporting portal: Coming soon
Our commitment to security is ongoing and evolving. We continuously monitor and enhance our security measures to protect user funds and maintain the integrity of the Zybra Finance protocol.