Current Audit Status
Audit in Progress
Zenland V2 smart contracts are undergoing security review.
| Item | Status |
|---|---|
| Internal Security Review | ✅ Complete |
| Automated Analysis (Slither, etc.) | ✅ Complete |
| External Audit | 🔄 In Progress |
| Bug Bounty Program | 📋 Planned |
Security Practices
Code Quality
- Solidity 0.8+ — Built-in overflow protection
- OpenZeppelin contracts — Battle-tested libraries
- Comprehensive tests — Unit, integration, fuzz, invariant
- No floating pragma — Exact compiler versions
Review Process
Before deployment:
- ✅ 100% test coverage target
- ✅ Internal security review
- ✅ Automated vulnerability scanning
- 🔄 External audit by reputable firm
- 📋 Testnet deployment and testing
- 📋 Mainnet deployment
Audit Reports
Once complete, audit reports will be published here:
| Auditor | Scope | Date | Report |
|---|---|---|---|
| TBD | EscrowFactory, EscrowImpl, AgentRegistry, FeeManager | Pending | Pending |
Known Limitations
The following are known behaviors, not bugs:
Fee-on-transfer tokens not supported
Tokens that charge fees on transfer will cause escrow amount mismatches. Only use whitelisted stablecoins.
Rebasing tokens not supported
Tokens that change balance over time (like stETH) are not supported.
Locked escrows can lock forever
This is intentional behavior for 2-of-2 escrows, not a vulnerability.
Escrows are immutable after creation
Once created, escrow rules cannot change. This is a security feature.
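The fee-on-transfer mismatch described above can be detected at deposit time by comparing the escrow's token balance before and after the transfer. The sketch below is an added example, not Zenland's contract code; the contract name `DepositGuardExample`, its `deposit` function, the `deposited` mapping and the compiler version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24; // exact version, no floating pragma (version chosen for this example)

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @notice Hypothetical illustration of a balance-delta check on deposit.
/// @dev Not part of EscrowFactory, EscrowImpl, AgentRegistry or FeeManager.
contract DepositGuardExample {
    using SafeERC20 for IERC20;

    /// Raised when the token delivered a different amount than requested,
    /// which is what a fee-on-transfer token does.
    error AmountMismatch(uint256 expected, uint256 received);

    /// token => payer => amount credited (hypothetical bookkeeping)
    mapping(address => mapping(address => uint256)) public deposited;

    function deposit(IERC20 token, uint256 amount) external {
        // Measure what actually arrives instead of trusting `amount`.
        uint256 balanceBefore = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = token.balanceOf(address(this)) - balanceBefore;

        // A token that skims a fee delivers less than `amount`. Crediting
        // the full amount would leave the escrow owing more than it holds.
        if (received != amount) revert AmountMismatch(amount, received);

        // State is written after the external call because the delta can
        // only be known afterwards; a production contract would pair this
        // with a reentrancy guard and a token whitelist.
        deposited[address(token)][msg.sender] += amount;
    }
}
```

This check only covers the moment of deposit. It does not make rebasing tokens safe, because their balance changes after the funds are already held.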
Vulnerability Disclosure
Found a security issue? Please report responsibly.
How to Report
- Email: [email protected]
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact assessment
  - Your suggested fix (optional)
What to Expect
| Timeframe | Action |
|---|---|
| 24 hours | Acknowledgment of your report |
| 72 hours | Initial assessment and severity rating |
| 7-14 days | Fix development (for critical issues) |
| After fix | Coordinated disclosure and credit |
Bug Bounty (Coming Soon)
We’re planning a bug bounty program with rewards based on severity:
| Severity | Potential Reward |
|---|---|
| Critical (fund loss) | Up to $50,000 |
| High (frozen funds) | Up to $10,000 |
| Medium (DoS, griefing) | Up to $2,000 |
| Low (UI, informational) | Up to $500 |