Security

Audits

AfiUSD Contracts (1st August, 2025)

The Cantina private audit report on AfiUSD smart contracts highlighted 1 critical issue along with a few medium and low-level issues, all of which were promptly addressed and subsequently verified by the auditors.

afiUSD Security Review Report by Independent Researchers (20th August, 2025)

The audit report by independent researchers zuhaibmohd and 0xWeb3boy on AfiUSD smart contracts highlighted a few low-level issues, all of which were promptly addressed and subsequently verified by the auditors.


Bug Bounty & Responsible Disclosure Program

At afiUSD, we prioritize user trust and adhere to the highest privacy and security standards. To reinforce this commitment, we actively invite security researchers to identify vulnerabilities and collaborate with us in resolving them swiftly and effectively. We value the security research community and fully support responsible disclosure. Through our Bug Bounty Program, we reward researchers who help enhance the security and resilience of the afiUSD ecosystem.

Responsible Disclosure Program Rules

  • Include detailed, reproducible steps in your reports. Issues that cannot be reproduced will not be eligible for rewards.

  • Submit one vulnerability per report unless multiple vulnerabilities need to be chained to demonstrate impact. In cases of duplicate reports, only the first reproducible submission will be rewarded.

  • Vulnerabilities stemming from the same root cause will be treated as a single issue and awarded a single bounty.

  • Social engineering attacks (e.g., phishing, vishing, smishing) are strictly prohibited.

  • Do NOT exploit or test vulnerabilities on the afiUSD mainnet contracts. Use test/fork environments only.

  • Only Medium- and High-severity vulnerabilities are eligible for rewards. Low-severity or informational findings are appreciated but may not qualify for payouts.

Reporting & Response

Researchers can report vulnerabilities by emailing our security team at [email protected]

  • Initial Response: within 24 hours

  • Issue Triage: within 2-3 business days

  • Fix Timelines: vary based on severity

  • Bounty Payments: processed after the fix is verified.

By working together, afiUSD and the security community ensure the highest standards of safety and reliability for our protocol.
