Bugs & Security
When creating a Layer 1 (L1) protocol chain, taking security seriously is of utmost importance. L1 protocols are the backbone of the blockchain ecosystem, and any security vulnerabilities within the L1 can lead to a range of potential consequences, from financial loss to reputation damage to even the collapse of the entire network. As such, security is an essential aspect of developing any L1 protocol chain, and security must be considered at every step of the development process.
Despite our best efforts, security issues may still arise in our L1 protocol chain. In such cases, we encourage our users to report any vulnerabilities or bugs they may find. For sensitive bugs, we ask users to send the issue to us, which helps us identify, prioritize and resolve security issues confidentially and securely. For non-sensitive bugs, we encourage users to open a ticket on our Discord channel so that our team can address the issue as soon as possible.
Audits
Areon is connecting two major worlds in the crypto universe by enabling compatibility between the Ethereum and Areon ecosystems. This does not come without its difficulties, and security is always a top priority for the Areon developers.
Each feature is extensively tested and internally audited by the team before being brought to the users. However, external audits are a valuable and necessary assurance for the security of the protocol itself and, with that, for anyone deploying on or using Areon.
Publicly Available Audits
This page lists the publicly available audits that have been conducted on the Areon codebases:
...
Simple Arrangement for Funding Upload (SAFU)
The Simple Arrangement for Funding Upload (the "SAFU") outlines the post-exploit policy for active vulnerabilities in the Areon blockchain. The SAFU is intended for white hat hackers and outlines the process for returning funds and calculating rewards for vulnerabilities found in the network. In summary, the SAFU states the following:
- Hackers are not at risk of legal action if they act in accordance with the SAFU.
- Hackers have a Grace Period to return any exploited funds to a specified dropbox address and can claim a reward of a Bounty Percent of the total funds secured up to the Bounty Cap.
- The rewards are distributed during the next upgrade of the network.
- If the reward is valued above a specified threshold amount, white hat hackers should go through a Know Your Clients/Know Your Business (KYC/KYB) process.
- Exploiting vulnerabilities for malicious purposes will make a hacker ineligible for any rewards.
- White hat hackers are not entitled to any rewards from the team or network for funds from "Out of Scope Projects" (other projects that were exploited by hackers but do not have their own SAFU program).
For more information, visit the SAFU agreement.