Zybra general documentation

Security: Audits & Bug Bounty

Security is a foundational principle at Zybra Finance. We are committed to ensuring the highest standards of security for our protocol through rigorous audits, continuous monitoring, and an active bug

Smart Contract Audits

Completed Audits

Our protocol's core contracts have undergone comprehensive security audits by industry-leading firms:

CertiK

  • Status: Coming soon

  • Scope: All core protocol contracts including ZybraVault, ZRUSD, and ZFI token

  • Focus: Economic vulnerabilities, reentrancy, access control, logical flaws

Quantstamp

  • Status: Coming soon

  • Scope: RWA integration contracts for both Centrifuge and Swarm implementations

  • Focus: Oracle manipulation, liquidation mechanisms, economic risk analysis

Code4rena

  • Status: Coming soon

  • Scope: Comprehensive contest covering all protocol contracts

  • Focus: Community-driven identification of security issues and optimizations

Automated Security Tools

In addition to manual audits, we employ industry-standard automated security analysis tools:

  • Slither: Static analysis framework for vulnerability detection

  • Mythril: Symbolic execution for security vulnerabilities

  • Echidna: Fuzzing and property-based testing

  • Manticore: Symbolic execution tool for smart contract security

  • Scribble: Runtime verification through property-based testing

Bug Bounty Program

Overview

Our bug bounty program rewards security researchers who identify and responsibly disclose potential vulnerabilities in the Zybra Finance protocol. The program will be hosted on Immunefi, the leading bug bounty platform for Web3.

Immunefi Program

Our official bug bounty program will be available on Immunefi:

  • Status: Coming soon

  • Platform: Immunefi

  • Program Link: Coming soon

Immunefi provides a secure platform for vulnerability reporting with standardized severity classifications and a transparent reward process.

Rewards

| Severity | Description | Bounty Range |
|----------|-------------|--------------|
| Critical | Issues that enable theft of funds, permanent freezing of funds, or other severe impact | Coming soon |
| High | Issues that could lead to loss of funds under specific conditions or compromise core protocol functionality | Coming soon |
| Medium | Issues that could disrupt protocol operations without direct risk to user funds | Coming soon |
| Low | Functional issues with minimal security impact | Coming soon |

Scope

The following contracts are in scope for our bug bounty program:

  • ZybraVault.sol (Centrifuge-based implementation)

  • ZybraVault.sol (Swarm-based implementation)

  • ZRUSD.sol

  • ZFI.sol

  • Configurator.sol

  • All related libraries and interfaces

Submission Process

To submit a vulnerability report:

  1. Prepare a detailed report with reproducible steps

  2. Include potential impact assessment

  3. Submit through our secure reporting channel (coming soon)

  4. Our security team will acknowledge receipt within 24 hours

  5. Vulnerability will be evaluated and assigned severity

  6. Bounty will be paid after successful validation and fix implementation

Responsible Disclosure

We follow responsible disclosure principles:

  • Please allow us reasonable time to address confirmed vulnerabilities

  • Public disclosure only after patches are deployed

  • Coordination on disclosure timing to protect users

Security Best Practices

Our development process incorporates security at every stage:

  • Comprehensive test coverage with unit and integration tests

  • Formal verification for critical contract components

  • Strict access control and privilege separation

  • Input validation and parameter bounds checking

  • Gas optimization without compromising security

  • Regular security training for all developers

Security Contacts

For security-related inquiries or to report vulnerabilities:

  • Email: security@zybra.finance (coming soon)

  • Secure reporting portal: Coming soon


Our commitment to security is ongoing and evolving. We continuously monitor and enhance our security measures to protect user funds and maintain the integrity of the Zybra Finance protocol.


Last updated 23 days ago
