# Security at Haven1

At Haven1, user safety isn’t an after-thought—it’s a launch requirement.

Every protocol deploying on Haven1 must pass ***two independent security audits*** before going live.\
Below you’ll find the audit history for Haven1’s own code-base and core infrastructure, followed by details of our active bug-bounty programmes.

***

#### 1. Protocol & Contract Audits

| Category                         | Scope                                                  | Auditor(s)                                                                                                                |
| -------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- |
| **Permissioned-layer contracts** | Chain-level permissioning                              | [Hashlock](https://hashlock.com/audits/haven1), [CertiK](https://skynet.certik.com/projects/haven1)                       |
| **Core smart-contracts**         | Token logic, staking, governance, foundation treasury  | [Zokyo](https://github.com/zokyo-sec/audit-reports/tree/main/Haven1), [CertiK](https://skynet.certik.com/projects/haven1) |
| **HSwap (HSOP) DEX**             | AMM pool contracts, router, fee modules                | [Hashlock](https://hashlock.com/audits/haven1), [Certik](https://skynet.certik.com/projects/haven1)                       |
| **Bridge**                       | ERC-20 wrappers, lock-and-mint, burn-and-release flows | Certik, Zokyo                                                                                                             |
| **Guardian API**                 | Module to prevent spam on chain and stop malicious txs | Certik, Zokyo                                                                                                             |

> **Why two audits?**\
> Independent assessments reduce blind spots, uncover edge-case exploits, and ensure mitigations are verified.

***

#### 2. Active Bug-Bounty Programmes

<table><thead><tr><th>Platform</th><th data-type="content-ref">Program Link</th><th>Severity</th><th>Reward Range*</th></tr></thead><tbody><tr><td><strong>CertiK SkyHarbor</strong></td><td><a href="https://skynet.certik.com/projects/haven1">https://skynet.certik.com/projects/haven1</a></td><td>Critical</td><td><strong>Up to $100,000</strong></td></tr><tr><td></td><td></td><td>High</td><td><strong>Up to $10,000</strong></td></tr><tr><td></td><td></td><td>Medium</td><td><strong>Up to $2000</strong></td></tr><tr><td><strong>Immunefi</strong></td><td></td><td>Critical</td><td><strong>Up to $100,000</strong></td></tr><tr><td></td><td></td><td>High</td><td><strong>Up to $10,000</strong></td></tr><tr><td></td><td></td><td>Medium</td><td><strong>Up to $2000</strong></td></tr></tbody></table>

\*Ranges shown are upper-bounds; see programme pages for full terms, scope, and submission guidelines.

***

#### 3. Recommendations for apps building on Haven1

1. **Complete (at least) two reputable audits**.
2. **Publish reports publicly** for transparency.
3. **Run an ongoing bug-bounty** or join aggregated bounty platforms.

***

#### 4. Stay Informed

* **Security disclosures:** <security@haven1.org>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.haven1.org/learn/security-at-haven1.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.