> For the complete documentation index, see [llms.txt](https://dualguard.gitbook.io/dualguard/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dualguard.gitbook.io/dualguard/faq.md).

# FAQ

#### **What is DualGuard?**

DualGuard is a Web3 security company for onchain systems where software directly controls capital. We provide Competitive Security Reviews, Mitigation Reviews, and Pre-Launch Bug Bounties.

DualGuard does not offer post-launch bug bounties yet.

**What does “till success security” mean?**

As long there are Medium severity issues found in the codebase we recommend to review the code before launching.

**What types of vulnerabilities does DualGuard focus on?**

The work is designed to catch issues that commonly lead to loss of funds or broken protocol guarantees, including:

access control and privilege paths, accounting/invariant breaks, reentrancy and callback risk, oracle and price-manipulation surfaces, MEV and sequencing risk, upgrade and admin-key assumptions, cross-contract and cross-chain integration failures, and unsafe external dependency trust boundaries. Coverage depends on scope and program type.

**What is a Competitive Security Review?**

A Competitive Security Review is a public program where many independent guards analyze the same defined scope concurrently under clear incentives. The emphasis is breadth, throughput, and multiple independent lines of attack.

**How are Lead Guards selected?**

See [How Lead Guards are Selected](/dualguard/security-reviews/guards/how-lead-guards-are-selected.md).

**How are contests judged?**

See [Judging](/dualguard/security-reviews/judges.md).

**How is a contest prize pool split?**

See [Prize Pool Distribution](/dualguard/security-reviews/security-reviews-for-protocol-teams.md#prize-pool-distribution).

**What does “mitigation review” mean?**

Mitigation Review is a 2-step process to enhance the protocol's security after the recommended fixes were made:

* The 2 Lead Judges, the 2 Lead Guards and the contest winner work closely with the protocol team to help them implement the recommended mitigations while taking into account the protocol’s intended invariants
* The 2 Lead Guards and the contest winner review the codebase after the fixes were implemented  to report any vulnerability that can be found in the codebase. The 2 Lead Judges will evaluate the reported issues and communicate them to the protocol team

**Do you offer post-launch bug bounties?**

Not yet. DualGuard currently focuses on pre-launch security.

**Does DualGuard guarantee the protocol won’t be exploited?**

No. The goal is to materially reduce risk by identifying and fixing vulnerabilities, clarifying trust assumptions, validating invariants, and maintaining scrutiny as the system evolves. Outcomes depend on scope definition, code maturity, change cadence, operational controls, and integration complexity. DualGuard will advise to have your code reviewed as long as Medium severity issues are found.

**What languages and protocol types can DualGuard support?**

DualGuard supports reviews across Cairo, Circom, Cosmos, Dart, FunC, Go, JavaScript, Move, Noir, Python, Rust, Solidity, Sway, Tact, TypeScript, Vyper, and Yul.

Supported protocol categories include Bridge, CDP, Cross Chain, Derivatives, Dexes, Lending, Liquid Staking, Oracle, RWA, Yield, and many others.

See the full list on [Supported Languages and Protocol Types](/dualguard/miscellaneous/supported-languages-and-protocol-types.md).
