# Security

Smart contract security is a top priority for those working on Aura Finance. All reasonable precautions must be taken to ensure the protocol is safe to use. Below is a list of some of the things we believe make smart contract systems secure.

## Chainalysis's Proactive Incident Response

Aura has partnered up with [@chainalysis](https://twitter.com/chainalysis) to adopt an [Incident Response Plan](https://vote.aura.finance/#/proposal/0x2fbb1422b9efea30fc91b714645ef9591a8291c896e5f0e70efdf43d9a322f05) for the protocol. The IRP adds an extra layer of security on top of well-developed code and audits: Aura will be able to deter hackers and will have an asset recovery plan in place should an incident occur.

### Audits

#### Audit 1 - Peckshield (4-18th Apr 2022)

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FfdfqRL0AQnO06jcoxF2o%2FPeckShield-Audit-Report-AuraFinance-v1.0.pdf?alt=media&token=689db44f-f38d-45a3-9fb2-450863b46f6c>" %}

#### Audit 2 - Code4rena (11-25th May 2022)

A $150k, 2-week audit competition run on <https://code4rena.com/> gave anyone with knowledge of the system, or just general bug hunters, a chance to come and contribute to the security of the Aura system before launch.

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FDuQMD5ULdRtqravKUwxQ%2FCode4rena-Audit-Report-AuraFinance-v1.0.pdf?alt=media&token=430daeb5-5760-4df5-bba6-636abb0f6988>" %}

#### Audit 3 - Halborn (12th May - 23rd June 2022)

A 6 week audit has been performed by Halborn Security (<https://twitter.com/HalbornSecurity>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FMZAsINwNDzYc495yC60R%2FHalborn-Audit-Report-AuraFinance-v1.0.pdf?alt=media&token=04515c2e-c52d-4350-ae64-c1f3053add10>" %}

#### Audit 4 - Halborn (6th March - 20th March 2023)

A 2 week audit has been performed by Halborn Security to audit AuraBal Compounder contracts (<https://twitter.com/HalbornSecurity>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FdpPicVneOrKaZPH8PMdj%2Fhalborn_aurabal_vault_audit_report.pdf?alt=media&token=c55b6e3f-98be-4381-ac84-d0756bdac87a>" %}

#### Audit 5 - Halborn (09th May - 06th June 2023)

A 4 week audit has been performed by Halborn Security to audit Sidechain contracts and Convex Platform lite version contracts (<https://twitter.com/HalbornSecurity>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FY8Gh2vYEHJhByg1ubpgI%2Fhalborn_sidechain_audit_report.pdf?alt=media&token=208c6c1e-0363-4b79-b0a9-31afbd91aa3d>" %}

#### Audit 6 - Zellic (28th May - 06th June 2023)

An 8-day audit has been performed by Zellic Inc to audit Sidechain contracts and Convex Platform lite version contracts (<https://twitter.com/zellic_io>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FSpjxmJq2qTcJ8kMKWUnl%2Fzellic_sidechain_audit_report.pdf?alt=media&token=853fc8d5-b040-465d-af1d-1c013559843a>" %}

### Bug bounties

External bug bounties are essential for projects. Aura has placed a $1m critical bug bounty payout on Immunefi.

{% embed url="<https://immunefi.com/bounty/aurafinance>" %}


### Internal processes

#### Codebase

Some practices employed on Aura Finance smart contract repositories:

* Protected `master` branch with mandatory peer reviews and passing CI (including linting, compiling, and testing)
* \>98% code coverage (using Coveralls) and comprehensive integration tests
* Strict linting rules
* Code commented using the NatSpec standard

#### Fork testing

Fork testing helps simulate contract deployments and functionality in a live environment, accounting for external dependencies. Aura comprehensively tests deployments using fork tests.

#### Internal auditing

Developers know their code best, and dedicated time has been taken to manually review all code in the system.

### Contact

If you have any feedback or concerns, reach out to `security@aura.finance` or to an admin on Discord.


