Security: Audits & Bug Bounty

Security is a foundational principle at Zybra Finance. We are committed to ensuring the highest standards of security for our protocol through rigorous audits, continuous monitoring, and an active bug

Smart Contract Audits

Completed Audits

Our protocol's core contracts have undergone comprehensive security audits by industry-leading firms:

Certik

Status: Coming soon
Scope: All core protocol contracts including ZybraVault, ZRUSD, and ZFI token
Focus: Economic vulnerabilities, reentrancy, access control, logical flaws

Quantstamp

Status: Coming soon
Scope: RWA integration contracts for both Centrifuge and Swarm implementations
Focus: Oracle manipulation, liquidation mechanisms, economic risk analysis

Code4rena

Status: Coming soon
Scope: Comprehensive contest covering all protocol contracts
Focus: Community-driven identification of security issues and optimizations

Automated Security Tools

In addition to manual audits, we employ industry-standard automated security analysis tools:

Slither: Static analysis framework for vulnerability detection
Mythril: Symbolic execution for security vulnerabilities
Echidna: Fuzzing and property-based testing
Manticore: Symbolic execution tool for smart contract security
Scribble: Runtime verification through property-based testing

Bug Bounty Program

Overview

Our bug bounty program rewards security researchers who identify and responsibly disclose potential vulnerabilities in the Zybra Finance protocol. The program will be hosted on Immunefi, the leading bug bounty platform for Web3.

Immunefi Program

Our official bug bounty program will be available on Immunefi:

Status: Coming soon
Platform: Immunefi
Program Link: Coming soon

Immunefi provides a secure platform for vulnerability reporting with standardized severity classifications and a transparent reward process.

Rewards

Severity

Description

Bounty Range

Critical

Issues that enable theft of funds, permanent freezing of funds, or other severe impact

Coming soon

High

Issues that could lead to loss of funds under specific conditions or compromise core protocol functionality

Coming soon

Medium

Issues that could disrupt protocol operations without direct risk to user funds

Coming soon

Low

Functional issues with minimal security impact

Coming soon

Scope

The following contracts are in scope for our bug bounty program:

ZybraVault.sol (Centrifuge-based implementation)
ZybraVault.sol (Swarm-based implementation)
ZRUSD.sol
ZFI.sol
Configurator.sol
All related libraries and interfaces

Submission Process

To submit a vulnerability report:

Prepare a detailed report with reproducible steps
Include potential impact assessment
Submit through our secure reporting channel (coming soon)
Our security team will acknowledge receipt within 24 hours
Vulnerability will be evaluated and assigned severity
Bounty will be paid after successful validation and fix implementation

Responsible Disclosure

We follow responsible disclosure principles:

Please allow us reasonable time to address confirmed vulnerabilities
Public disclosure only after patches are deployed
Coordination on disclosure timing to protect users

Security Best Practices

Our development process incorporates security at every stage:

Comprehensive test coverage with unit and integration tests
Formal verification for critical contract components
Strict access control and privilege separation
Input validation and parameter bounds checking
Gas optimization without compromising security
Regular security training for all developers

Security Contacts

For security-related inquiries or to report vulnerabilities:

Email: security@zybra.finance (coming soon)
Secure reporting portal: Coming soon

Our commitment to security is ongoing and evolving. We continuously monitor and enhance our security measures to protect user funds and maintain the integrity of the Zybra Finance protocol.

PreviousLegal NextTerms of Use

Last updated 23 days ago

Security: Audits & Bug Bounty

Smart Contract Audits

Completed Audits

Our protocol's core contracts have undergone comprehensive security audits by industry-leading firms:

Certik

Status: Coming soon
Scope: All core protocol contracts including ZybraVault, ZRUSD, and ZFI token
Focus: Economic vulnerabilities, reentrancy, access control, logical flaws

Quantstamp

Status: Coming soon
Scope: RWA integration contracts for both Centrifuge and Swarm implementations
Focus: Oracle manipulation, liquidation mechanisms, economic risk analysis

Code4rena

Status: Coming soon
Scope: Comprehensive contest covering all protocol contracts
Focus: Community-driven identification of security issues and optimizations

Automated Security Tools

In addition to manual audits, we employ industry-standard automated security analysis tools:

Slither: Static analysis framework for vulnerability detection
Mythril: Symbolic execution for security vulnerabilities
Echidna: Fuzzing and property-based testing
Manticore: Symbolic execution tool for smart contract security
Scribble: Runtime verification through property-based testing

Bug Bounty Program

Overview

Immunefi Program

Our official bug bounty program will be available on Immunefi:

Status: Coming soon
Platform: Immunefi
Program Link: Coming soon

Immunefi provides a secure platform for vulnerability reporting with standardized severity classifications and a transparent reward process.

Rewards

Severity

Description

Bounty Range

Critical

Issues that enable theft of funds, permanent freezing of funds, or other severe impact

Coming soon

High

Issues that could lead to loss of funds under specific conditions or compromise core protocol functionality

Coming soon

Medium

Issues that could disrupt protocol operations without direct risk to user funds

Coming soon

Low

Functional issues with minimal security impact

Coming soon

Scope

The following contracts are in scope for our bug bounty program:

ZybraVault.sol (Centrifuge-based implementation)
ZybraVault.sol (Swarm-based implementation)
ZRUSD.sol
ZFI.sol
Configurator.sol
All related libraries and interfaces

Submission Process

To submit a vulnerability report:

Prepare a detailed report with reproducible steps
Include potential impact assessment
Submit through our secure reporting channel (coming soon)
Our security team will acknowledge receipt within 24 hours
Vulnerability will be evaluated and assigned severity
Bounty will be paid after successful validation and fix implementation

Responsible Disclosure

We follow responsible disclosure principles:

Please allow us reasonable time to address confirmed vulnerabilities
Public disclosure only after patches are deployed
Coordination on disclosure timing to protect users

Security Best Practices

Our development process incorporates security at every stage:

Comprehensive test coverage with unit and integration tests
Formal verification for critical contract components
Strict access control and privilege separation
Input validation and parameter bounds checking
Gas optimization without compromising security
Regular security training for all developers

Security Contacts

For security-related inquiries or to report vulnerabilities:

Email: security@zybra.finance (coming soon)
Secure reporting portal: Coming soon

Our commitment to security is ongoing and evolving. We continuously monitor and enhance our security measures to protect user funds and maintain the integrity of the Zybra Finance protocol.

PreviousLegal NextTerms of Use

Last updated 23 days ago