Legal Notice
SMART CONTRACT STATIC ANALYSIS SERVICE AGREEMENT
Free Analysis Program — Partner-Referred Developers
IMPORTANT NOTICE — PLEASE READ CAREFULLY BEFORE USING THE SERVICE. BY COMPLETING THE KYC PROCESS AND SUBMITTING YOUR SMART CONTRACT FOR ANALYSIS, YOU AGREE TO BE LEGALLY BOUND BY ALL TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE, DO NOT PROCEED.
1. Definitions
For purposes of this Agreement, the following terms shall have the meanings set forth below:
“Agreement” means this Smart Contract Static Analysis Service Agreement, including all exhibits and schedules attached hereto.
“Dowsers,” “Company,” “we,” “us,” or “our” refers to DOWSERS SAS, a société par actions simplifiée organized and existing under the laws of France, registered with the Paris Trade and Companies Registry (Registre du Commerce et des Sociétés de Paris) under SIREN 904 228 095 (SIRET 90422809500017), with its registered office at 30 rue des Archives, 75004 Paris, France, engaged in the development and provision of automated static and dynamic analysis tools, formal verification solutions, and related professional services for the security assessment of blockchain-based smart contracts and blockchain modules.
“Developer,” “you,” or “your” refers to the individual or legal entity that has completed the KYC Process and submitted a Smart Contract for analysis under this Agreement.
“KYC Process” means the know-your-customer identity verification procedure that Developer must complete prior to accessing the Service.
“Partner” means the third-party entity that has referred Developer to Dowsers for a complimentary analysis under a separate arrangement between Partner and Dowsers.
“Service” means Dowsers’s proprietary static analysis tool that automatically inspects Smart Contract source code to identify potential bugs, security vulnerabilities, and risk patterns, together with the results consultation call and PDF Report described herein.
“Smart Contract” means the blockchain-based program or set of programs, in source code form, submitted by Developer for analysis under this Agreement.
“Analysis Results” means the output generated by the Service, including automated findings, classifications, and any annotations provided during the consultation call.
“PDF Report” means the written summary of the Analysis Results delivered to Developer following the consultation call.
“Retention Period” means the period of sixty (60) calendar days following delivery of the PDF Report.
2. Description of Service
2.1 Free Analysis Program
Subject to Developer’s compliance with all terms and conditions of this Agreement, Dowsers agrees to provide Developer with one (1) complimentary static analysis of the Smart Contract submitted by Developer. This free analysis is made available solely through the Partner referral program and is subject to availability at Dowsers’s sole discretion.
2.2 Service Workflow
The Service is provided in the following sequential steps:
- Smart Contract Submission. Developer submits the Smart Contract source code through the designated channel communicated by Dowsers. By submitting the Smart Contract, Developer grants Dowsers a limited, non-exclusive, non-transferable license to access, load, and process the Smart Contract solely for the purpose of performing the analysis contemplated by this Agreement.
- Automated Static Analysis. Dowsers’s proprietary tool performs automated static analysis of the Smart Contract. The analysis is conducted solely through automated means without manual code review unless expressly stated otherwise in writing by Dowsers.
- KYC Verification. Developer must successfully complete the KYC Process prior to any Consultation Call. Dowsers reserves the right to decline or terminate service in the event of incomplete, inaccurate, or suspicious KYC submissions.
- Consultation Call. Results are communicated exclusively through a scheduled voice or video consultation call between Developer and a Dowsers representative. Analysis Results will not be disclosed prior to the consultation call. Developer’s failure to schedule or attend the consultation call within thirty (30) days of notification of completion shall constitute a waiver of access to the Analysis Results.
- PDF Report Delivery. Following the consultation call, Dowsers will deliver one (1) PDF Report summarizing the Analysis Results. The PDF Report is subject to the confidentiality restrictions set forth in Section 5.
3. Disclaimer of Warranties and Limitation of Liability
3.1 No Warranty — AS IS Basis
THE SERVICE, ANALYSIS RESULTS, AND PDF REPORT ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. DOWSERS EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:
- Any implied warranty of merchantability, fitness for a particular purpose, or non-infringement;
- Any warranty that the Service will detect all bugs, vulnerabilities, or security risks present in the Smart Contract;
- Any warranty as to the accuracy, completeness, reliability, or timeliness of the Analysis Results;
- Any warranty that the Smart Contract, if deployed, will function as intended or be free from exploitable vulnerabilities.
3.2 Known Limitations — False Positives and False Negatives
DEVELOPER EXPRESSLY ACKNOWLEDGES AND AGREES THAT:
- The Service may generate FALSE POSITIVES — findings that identify issues that do not in fact constitute bugs or vulnerabilities in Developer’s Smart Contract.
- The Service may generate FALSE NEGATIVES — the Service may FAIL TO DETECT bugs, vulnerabilities, or critical security risks that are present in the Smart Contract, including vulnerabilities that could result in complete loss of funds or assets.
- The Analysis Results do not constitute, and shall not be relied upon as, a security audit, penetration test, formal verification, or any other form of comprehensive security assessment.
- Developer bears sole and exclusive responsibility for conducting any additional testing, auditing, or verification it deems necessary prior to deploying the Smart Contract on any public or private blockchain network.
3.3 Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
(a) DOWSERS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICE, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF DIGITAL ASSETS OR CRYPTOCURRENCY, BUSINESS INTERRUPTION, OR COST OF SUBSTITUTE SERVICES, EVEN IF DOWSERS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES;
(b) IN NO EVENT SHALL DOWSERS’S TOTAL CUMULATIVE LIABILITY TO DEVELOPER ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED ONE HUNDRED UNITED STATES DOLLARS (USD $100.00);
(c) THE LIMITATIONS OF LIABILITY IN THIS SECTION SHALL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE.
3.4 No Claims Based on Undetected Vulnerabilities
Developer hereby waives and releases any and all claims, demands, actions, or causes of action against Dowsers arising from or related to the failure of the Service to detect any bug, vulnerability, security risk, or other defect in the Smart Contract, whether or not such failure results in financial loss, loss of digital assets, or any other harm.
4. Developer Representations, Warranties, and Obligations
4.1 Ownership and Authorization
Developer represents, warrants, and covenants to Dowsers that:
- Developer is the lawful owner of the Smart Contract source code submitted for analysis, or is otherwise duly authorized by the lawful owner to submit the Smart Contract for analysis and to grant the license described in Section 2.2(b);
- Developer has full legal authority to enter into this Agreement and to grant the rights described herein;
- The Smart Contract and its submission to Dowsers do not violate any applicable law, regulation, court order, or third-party rights, including intellectual property rights;
- Developer’s use of the Service and the Analysis Results will comply with all applicable laws and regulations.
4.2 Prohibited Uses of Analysis Results
Developer expressly agrees that it will NOT, directly or indirectly:
- Use the Analysis Results, in whole or in part, to plan, prepare, or conduct any attack, exploit, or unauthorized access against any smart contract, blockchain protocol, decentralized application, or any other system, whether or not related to the submitted Smart Contract;
- Share, disclose, transfer, sell, or otherwise communicate the Analysis Results, or any portion thereof, to any individual, entity, or group whose purpose or likely use is to exploit vulnerabilities in smart contracts or blockchain systems;
- Disclose the Analysis Results or PDF Report to any known or suspected hacker, malicious actor, security exploit developer, or person engaged in activities harmful to third parties or the blockchain ecosystem;
- Use the Analysis Results as the basis for, or in furtherance of, any fraudulent, deceptive, or illegal scheme.
4.3 Prohibited Disclosure of PDF Report
The PDF Report is strictly confidential and for Developer’s internal use only. Developer shall NOT:
- Publish, broadcast, post, or otherwise disseminate the PDF Report in whole or in part through any medium, including but not limited to public websites, social media, professional networks, forums, or press releases;
- Provide the PDF Report to any third party without the prior written consent of Dowsers;
- Use the PDF Report or any reference thereto for marketing, promotional, or reputational purposes without Dowsers’s prior written consent.
5. Acceptable Use
In addition to the prohibitions set forth in Section 4, Developer agrees not to use the Service in any manner that is not expressly authorized by this Agreement. Without limiting the foregoing, Developer may NOT:
- Submit a Smart Contract that Developer does not own or is not duly authorized to submit on behalf of the lawful owner.
- Submit false, misleading, or fraudulent information at any stage of the KYC Process or Service workflow.
- Use automated tools, scripts, bots, or any other means to interact with the Service in an unauthorized manner or to circumvent any rate limits, access controls, or security measures implemented by Dowsers.
- Attempt to reverse-engineer, decompile, disassemble, or otherwise derive the source code, scoring algorithms, detection logic, or scan methodology underlying the Service.
- Probe, scan, test, or otherwise assess the security or vulnerability of Dowsers’s systems, infrastructure, or the Service itself, or breach or circumvent any security or authentication measure protecting the Service.
- Resell, sublicense, commercially redistribute, or otherwise make available for commercial gain any Analysis Results, PDF Report, or any other output of the Service, in whole or in part, to any third party.
- Use the Service, the Analysis Results, or any insights derived therefrom to develop, train, benchmark, or evaluate any product, tool, or service that competes with the Service or with any other Dowsers product.
- Use the Service in violation of any applicable law, regulation, rule, or order, or in a manner that infringes or misappropriates any third-party intellectual property, privacy, or other rights.
- Interfere with or disrupt the integrity, performance, or availability of the Service or any related systems or networks.
6. Confidentiality
6.1 Mutual Confidentiality
Each party agrees to keep confidential all non-public information disclosed by the other party in connection with this Agreement that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information.
6.2 PDF Report — Developer Confidentiality Obligations
Developer acknowledges that the PDF Report constitutes Confidential Information relating to its Smart Contract. Developer agrees to protect the PDF Report with at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care. The restrictions set forth in Section 4.3 apply in full.
6.3 Dowsers’s Confidentiality Obligations
Dowsers agrees to treat the Smart Contract source code and any information provided by Developer during the KYC Process as confidential, subject to the exceptions in Section 6.4 and the data practices described in Section 7.
6.4 Exceptions and Cooperation with Authorities
Notwithstanding any confidentiality obligations under this Agreement:
- Dowsers reserves the right, and Developer expressly consents, to disclose any information in its possession — including the Smart Contract source code, KYC information, Analysis Results, and any related communications — to law enforcement authorities, regulatory bodies, judicial authorities, or parties harmed by a security incident, to the extent that Dowsers determines, in its sole discretion, that such disclosure is necessary or appropriate in connection with any actual or suspected hack, exploit, theft, fraud, or other security incident affecting or related to the Smart Contract;
- Developer acknowledges that such cooperation is a material condition of Dowsers’s agreement to provide the Service, and that Developer has no expectation of confidentiality with respect to such disclosures;
- Dowsers may also disclose confidential information as required by applicable law, regulation, or valid legal process.
7. Data Practices and Privacy
7.1 Smart Contract Source Code Retention
Dowsers represents its current practice, without assuming any binding obligation, that it does not retain copies of submitted Smart Contract source code beyond the Retention Period of sixty (60) calendar days following delivery of the PDF Report. Dowsers may, however, retain encrypted backups, system logs, or other incidental technical records for longer periods for security, compliance, or operational purposes. Developer acknowledges that this practice is subject to change and does not constitute a binding warranty.
7.2 Analysis Results Archival
Dowsers may retain the Analysis Results (including aggregate findings and metadata) beyond the Retention Period solely for the following purposes:
- Internal quality assurance and calibration of the Service;
- Legal and regulatory compliance, including cooperation with law enforcement as described in Section 6.4;
- Defense of claims, disputes, or legal proceedings;
- Anonymized research and statistical analysis, provided that such use does not identify Developer or the specific Smart Contract.
7.3 No AI Training
Dowsers represents its current practice that it does not use submitted Smart Contract source code to train, fine-tune, or otherwise develop machine learning or artificial intelligence models. Developer acknowledges that this representation reflects Dowsers’s current practice and is subject to change upon notice. Dowsers does not represent that this limitation applies to third-party subprocessors or infrastructure providers.
7.4 KYC Data
KYC information collected from Developer is processed in accordance with Dowsers’s Privacy Policy, available upon request, and applicable data protection laws. Developer consents to Dowsers sharing KYC information with law enforcement or regulatory authorities as required by law or as contemplated by Section 6.4.
8. Intellectual Property
8.1 Dowsers’s Proprietary Rights
The Service, including without limitation the static analysis engine, website, scanner, scoring and detection methodology, the structure and analytical framework of the PDF Report and Analysis Results, software, algorithms, source code, designs, logos, trademarks, trade secrets, and all related intellectual property rights, is owned exclusively by Dowsers and is protected under France and international intellectual property law, including copyright, patent, trade secret, and trademark law.
Nothing in this Agreement transfers, assigns, or grants Developer any ownership interest in or to any of the foregoing. Any feedback, suggestions, or comments Developer provides to Dowsers regarding the Service shall be deemed a royalty-free, irrevocable, perpetual gift to Dowsers, and Dowsers may use such feedback for any purpose without restriction or compensation.
8.2 Limited License to Developer
Subject to Developer’s full compliance with this Agreement, Dowsers grants Developer a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to:
- Access and use the Service solely for Developer’s own internal purposes in connection with the Smart Contract submitted under this Agreement;
- Retain and review the PDF Report solely for Developer’s own internal security assessment purposes, subject to the confidentiality restrictions in Sections 4.3 and 6.
This license does not include any right to use the Service for commercial redistribution, to sublicense access to third parties, to reproduce the analytical framework or methodology of the PDF Report, or to use any Dowsers trademark, logo, or trade name without express prior written consent.
8.3 Developer’s Ownership of Smart Contract
Developer retains all ownership rights in the Smart Contract source code. Nothing in this Agreement transfers any intellectual property rights in the Smart Contract to Dowsers, except for the limited processing license granted in Section 2.2(b) solely for the purpose of performing the analysis.
9. Term and Termination
This Agreement is effective upon Developer’s completion of the KYC Process and remains in effect until the earlier of: (a) delivery of the PDF Report and expiration of the Retention Period; or (b) termination by either party.
Dowsers may suspend or terminate Developer’s access to the Service at any time, with or without cause, including but not limited to Developer’s breach of any provision of this Agreement, failure to complete the KYC Process, or any suspected misuse of the Service.
Sections 3, 4.2, 4.3, 5, 6, 7, 8, 10, and 11 shall survive termination of this Agreement.
10. Indemnification
Developer agrees to defend, indemnify, and hold harmless Dowsers and its officers, directors, employees, agents, and successors from and against any and all claims, liabilities, damages, penalties, judgments, awards, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:
- Developer’s breach of any representation, warranty, or obligation under this Agreement;
- Developer’s use of the Service or Analysis Results in violation of this Agreement or applicable law;
- Any claim by a third party arising from Developer’s Smart Contract, its deployment, or any hack or exploit of the Smart Contract;
- Developer’s unauthorized disclosure of the PDF Report or Analysis Results;
- Developer’s violation of Section 5 (Acceptable Use).
11. General Provisions
11.1 Governing Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of France, without regard to its conflict of laws principles. Any dispute arising out of or relating to this Agreement shall be submitted to the exclusive jurisdiction of courts located in Paris, France.
11.2 Dispute Resolution
Prior to initiating any legal proceedings, the parties agree to attempt to resolve any dispute through good-faith negotiation for a period of thirty (30) days. If the dispute is not resolved within such period, either party may pursue its available legal remedies.
11.3 Entire Agreement
This Agreement constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior negotiations, representations, and agreements relating thereto.
11.4 Amendments
Dowsers reserves the right to modify this Agreement at any time. Developer’s continued use of the Service following notice of any modification constitutes acceptance of the revised terms.
11.5 Severability
If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.
11.6 No Waiver
The failure of either party to enforce any right or provision of this Agreement shall not be deemed a waiver of such right or provision.
11.7 Assignment
Developer may not assign this Agreement or any rights or obligations hereunder without the prior written consent of Dowsers. Dowsers may freely assign this Agreement.
11.8 Notices
All notices required or permitted under this Agreement shall be in writing and delivered by email or registered mail to the addresses provided during the KYC Process.
11.9 Force Majeure
Neither party shall be liable for any failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including natural disasters, acts of government, cyberattacks, or blockchain network failures.
12. Acceptance
BY SUBMITTING A SMART CONTRACT FOR ANALYSIS AND COMPLETING THE KYC PROCESS, DEVELOPER ACKNOWLEDGES THAT DEVELOPER HAS READ, UNDERSTOOD, AND AGREES TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS AGREEMENT.