Security

Smart contract security is a top priority for those working on Aura Finance. All reasonable precautions must be taken to ensure the protocol is safe to use. Below is a list of some of the things we believe make smart contract systems secure.
​
Chainalysis's Proactive Incident Response
Aura has partnered up with @chainalysis to adopt an Incident Response Plan for the protocol. The IRP adds an extra layer of security on top of well developed code and audits, Aura will be able to deter hackers and have an asset recovery plan in potential events.
​
Audits
Audit 1 - Peckshield (4-18th Apr 2022)
PeckShield-Audit-Report-AuraFinance-v1.0.pdf
389KB
PDF
Audit 2 - Code4rena (11-25th May 2022)
A $150k, 2 week long audit competition ran on https://code4rena.com/ allowed anyone with knowledge of the system, or just general bug hunters, a chance to come and contribute to the security of the Aura system before launch.
Code4rena-Audit-Report-AuraFinance-v1.0.pdf
802KB
PDF
Audit 3 - Halborn (12th May - 23rd June 2022)
A 6 week audit has been performed by Halborn Security (https://twitter.com/HalbornSecurity).
Halborn-Audit-Report-AuraFinance-v1.0.pdf
3MB
PDF
Audit 4 - Halborn (6th March - 20th March 2023)
A 2 week audit has been performed by Halborn Security to audit AuraBal Compounder contracts (https://twitter.com/HalbornSecurity).
halborn_aurabal_vault_audit_report.pdf
5MB
PDF
Audit 5 - Halborn (09th May - 06th June 2023)
A 4 week audit has been performed by Halborn Security to audit Sidechain contracts and  Convex Platform lite version contracts
 (https://twitter.com/HalbornSecurity).
halborn_sidechain_audit_report.pdf
1MB
PDF
Audit 6 - Zellic (28th May - 06th June 2023)
A 8 days audit has been performed by Zellic Inc to audit Sidechain contracts and  Convex Platform lite version contracts
 (https://twitter.com/zellic_io).
zellic_sidechain_audit_report.pdf
2MB
PDF
Bug bounties
External bug bounties are essential for projects. Aura has placed a $1m critical bug bounty payout on Immunefi.
https://immunefi.com/bounty/aurafinance
immunefi.com
​
Internal processes
Codebase
Some practices employed on Aura Finance smart contract repositories:
protected master branch with mandatory peer reviews and passing CI (including linting, compiling, and testing)
>98% code coverage (using coveralls) and comprehensive integration tests
Strict linting rules
Code commented using the Natspec standard
Fork testing
Fork testing is helps simulate contract deployments and functionality in a live environment, accounting for external dependencies. Aura comprehensively tests deployments using fork tests.
Internal auditing
Developers know their code best, and dedicated time has been taken to manually review all code in the system.
​
Contact
If you have any feedback or concerns, reach out to [email protected] or to an admin on Discord
​

Gauge voting

Risks

Last modified 2mo ago

Security

Chainalysis's Proactive Incident Response

Audits

Audit 1 - Peckshield (4-18th Apr 2022)

Audit 2 - Code4rena (11-25th May 2022)

Audit 3 - Halborn (12th May - 23rd June 2022)

Audit 4 - Halborn (6th March - 20th March 2023)

Audit 5 - Halborn (09th May - 06th June 2023)

Audit 6 - Zellic (28th May - 06th June 2023)

Bug bounties

​

Internal processes

Codebase

Fork testing

Internal auditing

Contact