Swafe Mitigation Review: Round 2
No passwords. No backup phrases. No trusted companies. Swafe protects your access — securely, privately, and on your terms.
- Start date30 Mar 2026
- End date1 Apr 2026
- Total awards$12,000 in USDC
- Duration2 days
- Details
Swafe Mitigation Review, Round 2
Prize pools are outlined in the Round 1 mitigation review repo. Wardens must participate in all rounds to be eligible for awards.
Refer to the Warden guidelines for C4 mitigation reviews for details on multi-round mitigation reviews.
- Starts March 30, 2026 20:00 UTC
- Ends April 1, 2026 20:00 UTC
Important note
Each warden must submit a mitigation review for every individual item listed in the Scope section below. Incomplete or insufficient mitigation reviews will not be eligible for awards.
Scope
Mitigation of Low Severity Issues
Mitigations of Low Severity issues listed here will be considered in-scope:
| Fix | Mitigation of | Notes |
|---|---|---|
Commit 792d1c9 | S-210: Invalid guardian shares bypass threshold after voting, causing panic or wrong recovery key during reconstruction | check threshold before recovering RIK |
Commit b273100 | S-867: Secrets Not Zeroized on Drop - Memory Disclosure Risk | zeroize VDRF types |
Commit f030a11 | S-475: Critical API-Sanity Violation: Shamir Share Generation Allows t > n, Producing Unrecoverable Secrets | validate threshold in update_recovery |
Out of Scope
All other issues arising from the Swafe audit and/or the preceding mitigation review.