Last updated: April 2026. The Zealynx Audit Grants program is operated by Zealynx Security, founded by Carlos Vendrell Felici. The Program runs in seasons, each with a defined application period, review period, and announcement date.
Voluntary participation. By submitting an application you agree to be bound by these Terms.
Open to Web3 protocols or projects with written smart contract code, completing a valid application, providing accurate and verifiable information, and having at least one team member with a verifiable public identity. Not eligible: competing security firms, protocols already engaged with Zealynx, projects without code, forks with no meaningful innovation, fully anonymous teams.
Three percentage-discount tiers: Core (100%, up to $32,000), Growth (50%, up to $16,000), Builder (25%, up to $8,000). Standard rate is $8,000 per auditor per week. One Core, two Growth, and multiple Builder grants are awarded per season.
100-point scale: Product Engagement (40, auto-calculated), Independent Builder (15, self-declared and verified at review — solo founder + auditor choice), Protocol Merit (45, scored by Zealynx review team). Partner-affiliated applicants can earn up to +10 bonus on top (chain partner +5, accelerator/incubator/hackathon partner +5). Final selection at Zealynx's sole discretion.
Account required. Drafts are editable. Once submitted, applications cannot be modified. False or misleading information is grounds for disqualification.
Optional Product Engagement tasks (Krait reports, eMBA modules, Shadow Audit — auto-verified) plus two self-declared Independent Builder signals on the team step. Independent Builder declarations are honour-system on the form and verified during human review — false declarations are grounds for disqualification.
Core: book audit within 60 days. Growth/Builder: claim within 30 days. Code freeze at audit kickoff. Zealynx publishes the report on its portfolio. Recipient provides testimonial and participates in case study. One fix review cycle included. Grants are non-transferable.
The audit report is co-owned. The recipient's codebase, protocol, and IP remain the recipient's property. Zealynx claims no rights to the recipient's tokens, equity, or revenue.
Services provided "as is". Aggregate liability capped at total fees actually paid by recipient (zero for Core grants). Audits identify vulnerabilities found during the review period; they do not guarantee the absence of all vulnerabilities.
Zealynx may modify these Terms with reasonable notice. Zealynx may cancel or postpone a season. Failure to meet grant conditions may result in reassignment.
Zealynx treats non-public materials shared during application/audit as confidential, with standard carve-outs (public information, prior knowledge, independent development, third-party receipt, legal compulsion). Marketing carve-out: post-publication, Zealynx may reference engagement existence, recipient name/logo, published report, and aggregate stats.
Core: no payment, nothing to refund. Growth/Builder: pre-kickoff cancellation refunds payment minus 10% admin fee (€250 minimum); post-kickoff = pro-rata at tier discount. Zealynx convenience cancellation = full refund. Zealynx for-cause = no refund. 30-day refund window. Season postponement rolls grant over unless declined.
Standard FM clause covering war, civil unrest, sanctions, public health emergencies, sustained DDoS, hosting outages, and natural disasters. 60-day termination right.
Applicants warrant non-listing on OFAC SDN, EU consolidated, UK HMT, and UN sanctions lists. Comprehensive-sanctions territory exclusions apply (Cuba, Iran, DPRK, Syria, Crimea, DNR/LNR; Russian Federation sectoral acknowledgement). Right to screen and terminate without refund for sanctions concerns.
30-day good-faith negotiation, then mediation (Polish mediation centre fallback), then exclusive jurisdiction of Wroclaw courts. Each party bears its own costs through mediation. Carve-out for urgent injunctive/interim relief.
Republic of Poland. UN CISG does not apply. English version controls translations. No implied partnership, agency, joint venture, employment, or permanent establishment.
Application data used solely for grant evaluation and program administration. Email addresses not shared with third parties. Full details: Privacy Policy.
Email: contact@zealynx.io. Telegram: @vendrell46.