πŸ”Security & Audits

Verified & Audited

All the contracts are open for external code auditors and white hats to verify. We're constantly running bug bounties and conducting security audits. The latest audits, performed by Peckshield and Shellboxes, can be found here:

https://github.com/Velvet-Capital/audits

Real-Time Security Monitoring

Velvet.Capital partnered with Forta (the largest network of security intel in Web3) to get machine learning-generated intelligence about exploits, scams and other threats from a community of leading security experts.

Velvet.Capital also uses OpenZeppelin Defender 2.0, a security platform to code, audit, deploy, monitor, and operate the protocol, including its native integration with Forta.

Finally, Tenderly provides transaction simulation and real-time alerts for on-chain events, including any irregular activity.

Bug Bounty

We are thrilled to announce the launch of our Velvet Capital Bug Bounty Program in partnership with Hats Finance. This step underscores our unwavering commitment to security and excellence in the world of decentralized finance (DeFi). This is especially important as we just launched our next-gen DeFi operating system that allows anyone to create, launch, and manage on-chain funds, portfolios, & other structured products - seamlessly! Hats Finance is a leader in blockchain security solutions and we are honored to introduce a comprehensive bug bounty program with them.

Our bug bounty program is a proactive approach to discovering vulnerabilities, weaknesses, or bugs before they can be exploited by malicious actors. By incentivizing ethical hackers and security researchers with rewards, we aim to identify and rectify potential security issues within our systems.

Program Details:

Scope: The program extends to all Velvet.Capital smart contracts (and app/website for high & critical issues). Details available on our program page.

Rewards: Bounties are scaled according to the severity of the bug identified, as per the Common Vulnerability Scoring System (CVSS). Details available on our program page.

  • Low: Contract does not function as expected, with no loss of funds. Prize will be capped to 5% of the amount that could be frozen, extracted or at risk in production at the time of disclosure.

  • Medium: Contract consumes unbounded gas, block stuffing, griefing denial of service (i.e. attacker spends as much in gas as damage to the contract), gas griefing. Prize will be capped to 20% of the amount that could be frozen, extracted or at risk in production at the time of disclosure.

  • High: Token holders temporarily unable to transfer holdings, users spoof each other, theft of yield - Transient consensus failures. Prize will be capped to 30% of the amount that could be frozen, extracted or at risk in production at the time of disclosure.

  • Critical: Empty or freeze the contract's holdings (e.g. economic attacks, flash loans, reentrancy, MEV, logic errors, integer over-/under-flow), Cryptographic flaws. Prize will be capped to the amount that could be frozen, extracted or at risk in production at the time of disclosure.

Reporting: Reports should be submitted via the Hats Finance platform, ensuring a transparent and effective communication channel between researchers and our security team.

We believe that security is not a one-time task but an ongoing commitment. Through this partnership, Velvet Capital and Hats Finance are dedicated to maintaining the highest security standards, building trust with our users, and fostering a secure DeFi ecosystem.

We invite ethical hackers, developers, and security enthusiasts to participate in our bug bounty program. Your expertise can contribute significantly to the resilience and robustness of Velvet Capital's next-gen DeFi operating system and the greater DeFi ecosystem!

For more information on the program, including how to participate, reward structures, and terms and conditions, please visit our Bug Bounty Program page.
