Security: Anchor-Protocol/anchor-docs

docs/security.md

Security

Introduction

Security is the highest priority of the Anchor Protocol. All members of the Anchor community working on the protocol have invested considerable effort to ensure the safety and dependability of the Anchor Protocol. All contract code and balances are publicly verifiable, and security researchers are eligible for a bug bounty for reporting undiscovered vulnerabilities.

The Anchor community believes that size, visibility, and time are the true test for the security of a smart contract platform. Please review the following security audits and make your own determination of security and suitability. If you would like to help ensure the security of the protocol, please contact [email protected]

Audits

Anchor Bug Bounty Program

The Anchor community values the input of white hat hackers working in good faith to help maintain the highest standards for the security and safety of the Anchor ecosystem. While the Anchor Protocol has gone through professional audits and formal verification, it depends on new technology that may contain undiscovered vulnerabilities. The Anchor community encourages its members to audit all contracts and security and to responsibly disclose any issues. The Anchor Bounty Program was created to recognize the value of working with a community of independent security researchers, and aims to identify and rectify any issues in good faith.

Immunefi Bug Bounty Program

Anchor bug bounties are available on Immunefi's bug bounty platform. This bounty program applies to Anchor's smart contracts and app and focuses on preventing:

  • Thefts and freezing of principal of any amount
  • Thefts and freezing of unclaimed yield of any amount
  • Theft of governance funds
  • Governance activity disruption
  • Website uptime disruption
  • User data leaks
  • Deletion of user data
  • Access to sensitive pages without authorization

All rewards on Immunefi are distributed according to the Immunefi Vulnerability Severity Classification System. Any vulnerability with regard to the use of centralized price feed oracles is ineligible for a reward. To view the current bounties and rewards, and to find out more information, visit the Immunefi Anchor bounty page.

There aren’t any published security advisories