Security is the highest priority of the Anchor Protocol. All members of the Anchor community working on the protocol have invested considerable effort to ensure the safety and dependability of the Anchor Protocol. All contract codes and balances are publicly verifiable, and security researchers are eligible for a bug bounty for reporting undiscovered vulnerabilities.
The Anchor community believes that size, visibility, and time are the true test for the security of a smart contract platform. Please review the following security audits and make your own determination of security and suitability. If you would like to help ensure the security of the protocol, please contact [email protected] .
The Anchor community values the input of white hat hackers working in good faith to help maintain the highest standards for the security and safety of the Anchor ecosystem. While the Anchor Protocol has gone through professional audits and formal verification, it depends on new technology that may contain undiscovered vulnerabilities. The Anchor community encourages its members to audit all contracts and security and to responsibly disclose any issues. The Anchor Bounty Program was created to recognize the value of working with a community of independent security researchers, and aims to identify and rectify any issues in good faith.
This bounty program applies to Anchor's smart contracts and app and is focused on preventing:
- Thefts and freezing of principal of any amount
- Thefts and freezing of unclaimed yield of any amount
- Theft of governance funds
- Governance activity disruption
- Website uptime disruption
- User data leaks
- Deletion of user data
- Access to sensitive pages without authorization
Submit all bug bounty disclosures to [email protected]. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. Anchor will follow up promptly with an acknowledgement of the disclosure.