About the Project
DZap is a new decentralized platform that aims to deliver a breakthrough in user experience for trading in DeFi.
The goal of DZap is to “Unify multi-step processes in DeFi into one”.
In DeFi, the time it takes to conduct a swap between two tokens, the high gas costs, and slippage are obstacles to effective execution. DZap is set to tackle these challenges. DZap's vision is to enable everyone in the world to effortlessly invest and trade multiple tokens and, eventually, NFTs. We developed batch buy/sell support for tokens by using the best DEX aggregator. We aim to optimise investment opportunities in the existing crypto ecosystem.
Project Scope
Contract | Scope |
AccessManagerFacet.sol | In Scope |
DexManagerFacet.sol | In Scope |
DiamondCutFacet.sol | In Scope |
DiamondInit.sol | In Scope |
FeesFacet.sol | In Scope |
WithdrawFacet.sol | In Scope |
Swapper.sol | In Scope |
LibAccess.sol | In Scope |
LibAllowList.sol | In Scope |
LibAsset.sol | In Scope |
LibFees.sol | In Scope |
LibPermit.sol | In Scope |
LibSwap.sol | In Scope |
LibUtil.sol | In Scope |
SwapFacet.sol | In Scope |
CrossChainFacet.sol | In Scope |
Validatable.sol | In Scope |
LibBridgeStorage.sol | In Scope |
Executor.sol | In Scope |
Receiver.sol | In Scope |
Interfaces | Out of Scope |
LibBytes | Out of Scope |
Create2Deployer | Out of Scope |
Our Quill Red Team has launched a bug bounty program aimed at promoting cybersecurity awareness and engaging a wide range of users, including those who have yet to adopt secure practices. We believe that for people to embrace secure technologies, they need to see tangible benefits and value in doing so.
We want to make web3 better, and we need your help! If you discover any security issues or bugs in the different projects, we'd love to hear about them. The most impactful findings will earn great rewards. So, join our bug bounty program and let's work together towards a safer web3!
Here are some important points to note:
- We are specifically looking for vulnerability discoveries or bug reports rather than general ideas.
- While we recommend submitting at least 3 vulnerability discoveries, there is no maximum limit to the number of submissions. However, we value quality and impact over quantity.
- We have provided an optional template for your convenience, which will not affect the evaluation process if you choose not to use it.
- If you decide to use the template, please make a copy, include your name, and compile your vulnerability discoveries in a single document.
- The winners will be selected based on the most impactful and viable submissions. Please refer to the evaluation criteria outlined below for more details.
How to Participate Independently:
- Register: To participate, you need to register for the bug bounty program on our platform or follow the registration instructions provided in the program details.
- Conduct Research: Review the project details and begin your security assessment within the authorized scope.
- Report Vulnerabilities: If you find any potential vulnerabilities, please report them responsibly via our bug bounty platform or email. Use the provided "Report Submission Template" below to ensure all necessary information is included.
- Verification: Our security team will review your report, and you may be asked for additional details or proof of concept if required.
- Reward: If your submission is accepted and qualifies for a bounty, we will contact you to discuss the reward and payout details.
Reward Structure
Severity Level | Reward |
Critical | $1000 |
High | $750 |
Medium | Tiebreaker Points |
Low | Tiebreaker Points |
Informational | Tiebreaker Points |
Critical
: Critical vulnerabilities are the ones that could cause the most damage. These can include issues like successful attacks that allow the theft of cryptocurrency or unauthorized access to sensitive data.
High
: High vulnerabilities are significant issues that could greatly affect the functioning of the project but are not as damaging as critical vulnerabilities. This could include things like Denial of Service (DoS) attacks.
Medium
: Medium vulnerabilities are less severe but should still be addressed promptly. This can include things like minor security misconfigurations or access control issues.
Low
: Low vulnerabilities are typically minor issues that pose a small risk to the project. These are often best-practice or compliance-related issues.
Informational
: Note-level findings typically represent a very low risk but are still worth reporting for completeness and to suggest improvements.
🥇 First Prize
- $ USD
- Recognition as a Quill Red Team Member
- Exposure through our cybersecurity newsletter and Quill Red Team platform
🥈 Second Prize
- $ USD
- Recognition as a Quill Red Team Member
🥉 Third Prize
- $ USD
- Recognition as a Quill Red Team Member
Evaluation Criteria
Depth & Clarity
- Are your vulnerability discoveries clearly articulated and well-documented?
- Do they provide sufficient information and context along with the PoC for the judging panel to assess their severity and impact?
- Submissions will be evaluated based on the significance of the vulnerabilities, their potential impact, and the feasibility of exploitation.
Submission Details
Participants may choose to utilize the provided template for their submission, but it is not mandatory.
We recommend submitting a minimum of 3 vulnerability discoveries, ideally 5. If possible, include a detailed description of the vulnerabilities and any necessary supporting materials.
You are welcome to submit any number of vulnerability discoveries.
Please ensure that your submission link has the "Share" settings set to "Anyone with the link can view."
If you have referenced any external sources in your vulnerability discoveries, please provide appropriate citations. Submissions containing plagiarized content exceeding 5% will be disqualified.
Submission Template
Title: [Briefly describe the vulnerability]
Project: [Name of the web3 project]
Severity: [Critical/Major/Medium/Low]
Description: [Provide a detailed description of the vulnerability]
Steps to Reproduce:
- [Step 1]
- [Step 2]
- [Step 3]
- [etc.]
Impact: [Explain the potential impact of the vulnerability]
Screenshots/Proof of Concept: [If applicable, provide screenshots or a proof of concept to demonstrate the vulnerability]
Affected Versions: [List the versions of the project affected by the vulnerability]
Additional Information: [Any other relevant details]
Contact Information:
Pseudo Identity:
Wallet Address
Bug Bounty Submission Document
Submission Details:
Name: [Your Name]
Email: [Your Email Address]
Date: [Date]
Summary:
Please provide a brief summary of your bug bounty submission, highlighting the key vulnerabilities discovered and their potential impact.
Bug Bounty Submission:
Title: [Title of the Vulnerability Discovery]
Description:
[Provide a detailed description of the vulnerability discovered, including the affected system, components, or software.]
Steps to Reproduce:
[Outline the step-by-step procedure to reproduce the vulnerability, including any specific configurations or inputs required.]
Impact:
[Explain the potential impact of the vulnerability, such as the risks posed to data confidentiality, integrity, or system availability.]
Affected Systems:
[List the systems, platforms, or components that are affected by the discovered vulnerability.]
Recommendations:
[Suggest mitigation or remediation steps to address the vulnerability, including any patches, fixes, or best practices to follow.]
Supporting Materials:
[Include any additional supporting materials, such as code snippets, screenshots, or network traces, to enhance the understanding and evaluation of the vulnerability.]
References:
[Cite any external sources or references used during the discovery process.]
Declaration:
I hereby declare that this bug bounty submission is my original work and does not contain plagiarized content. I understand that submissions containing plagiarized or fraudulent information will be disqualified from consideration.
Signature: [Your Full Name]
For guidelines on creating exceptional vulnerability discoveries, please refer to our documentation on effective bug reporting. (to do)
If you have any questions or need clarifications, please contact us via direct message on Telegram or through Discord. 📩
Disclaimer: Participating in this initiative is entirely voluntary. The bug bounty program provides an opportunity to explore and contribute to the field of cybersecurity. Please note that these bounties do not constitute full-time employment or project-based engagements. Due to the high volume of entries we receive, personalized feedback will not be provided by our team.
Before submitting any queries, please review our terms of engagement.
About QuillAudits
Simplifying DeFi Swaps Revolutionizing DeFi, DZap simplifies trading processes by unifying steps, mitigating challenges like high gas costs and slippage. The platform envisions a seamless global experience, enabling easy investment and trading of various tokens and NFTs.