# Security

Smart contract security is a top priority for those working on Aura Finance. All reasonable precautions must be taken to ensure the protocol is safe to use. Below is a list of some of the things we believe make smart contract systems secure.

## Chainalysis's Proactive Incident Response

Aura has partnered with [@chainalysis](https://twitter.com/chainalysis) to adopt an [Incident Response Plan](https://vote.aura.finance/#/proposal/0x2fbb1422b9efea30fc91b714645ef9591a8291c896e5f0e70efdf43d9a322f05) for the protocol. The IRP adds an extra layer of security on top of well-developed code and audits: Aura will be able to deter hackers and will have an asset recovery plan in the event of an incident.

### Audits

#### Audit 1 - Peckshield (4-18th Apr 2022)

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FfdfqRL0AQnO06jcoxF2o%2FPeckShield-Audit-Report-AuraFinance-v1.0.pdf?alt=media&token=689db44f-f38d-45a3-9fb2-450863b46f6c>" %}

#### Audit 2 - Code4rena (11-25th May 2022)

A $150k, 2-week audit competition run on <https://code4rena.com/> gave anyone with knowledge of the system, or just general bug hunters, a chance to come and contribute to the security of the Aura system before launch.

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FDuQMD5ULdRtqravKUwxQ%2FCode4rena-Audit-Report-AuraFinance-v1.0.pdf?alt=media&token=430daeb5-5760-4df5-bba6-636abb0f6988>" %}

#### Audit 3 - Halborn (12th May - 23rd June 2022)

A 6-week audit was performed by Halborn Security (<https://twitter.com/HalbornSecurity>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FMZAsINwNDzYc495yC60R%2FHalborn-Audit-Report-AuraFinance-v1.0.pdf?alt=media&token=04515c2e-c52d-4350-ae64-c1f3053add10>" %}

#### Audit 4 - Halborn (6th March - 20th March 2023)

A 2-week audit of the AuraBal Compounder contracts was performed by Halborn Security (<https://twitter.com/HalbornSecurity>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FdpPicVneOrKaZPH8PMdj%2Fhalborn_aurabal_vault_audit_report.pdf?alt=media&token=c55b6e3f-98be-4381-ac84-d0756bdac87a>" %}

#### Audit 5 - Halborn (09th May - 06th June 2023)

A 4-week audit of the Sidechain contracts and the Convex Platform lite version contracts was performed by Halborn Security (<https://twitter.com/HalbornSecurity>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FY8Gh2vYEHJhByg1ubpgI%2Fhalborn_sidechain_audit_report.pdf?alt=media&token=208c6c1e-0363-4b79-b0a9-31afbd91aa3d>" %}

#### Audit 6 - Zellic (28th May - 06th June 2023)

An 8-day audit of the Sidechain contracts and the Convex Platform lite version contracts was performed by Zellic Inc (<https://twitter.com/zellic_io>).

{% file src="<https://3372224363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr4kLuYPt1EhIEVbkxHD8%2Fuploads%2FSpjxmJq2qTcJ8kMKWUnl%2Fzellic_sidechain_audit_report.pdf?alt=media&token=853fc8d5-b040-465d-af1d-1c013559843a>" %}

### Bug bounties

External bug bounties are essential for projects. Aura has placed a $1m critical bug bounty payout on Immunefi.

{% embed url="<https://immunefi.com/bounty/aurafinance>" %}

### Internal processes

#### Codebase

Some practices employed on Aura Finance smart contract repositories:

* Protected `master` branch with mandatory peer reviews and passing CI (including linting, compiling, and testing)
* \>98% code coverage (using Coveralls) and comprehensive integration tests
* Strict linting rules
* Code commented using the NatSpec standard

#### Fork testing

Fork testing helps simulate contract deployments and functionality in a live environment, accounting for external dependencies. Aura comprehensively tests deployments using fork tests.

#### Internal auditing

Developers know their code best, and dedicated time has been taken to manually review all code in the system.

### Contact

If you have any feedback or concerns, reach out to `security@aura.finance` or to an admin on Discord.
