# Security — Audits & Bug Bounty

Security is fundamental to STON.fi. Below are the public audits, continuous monitoring resources, and our active bug bounty program for responsible disclosure.

## Audits and Reviews

* Trail of Bits — STON.fi TON AMM DEX v2 Security Review (Jan 2025)
  * PDF: <https://github.com/trailofbits/publications/blob/master/reviews/2025-01-stonfi-ton-amm-dex-v2-securityreview.pdf>
* Omniston escrow contracts audit — no critical issues found
  * Blog post: <https://blog.ston.fi/omniston-escrow-contracts-audited/>
  * Summary: Initial audit of Omniston’s escrow contracts completed with no critical issues found (per the STON.fi blog; reviewed by the TonTech team).
* Continuous monitoring — CertiK Skynet
  * Project page: <https://skynet.certik.com/projects/ston-fi>

## Bug Bounty

* Program: STON.fi DEX Smart Contracts v2 on HackenProof
  * Program page: <https://hackenproof.com/programs/ston-dot-fi-dex-smart-contracts-v2>
  * Notes: Public, severity-based rewards. Please submit findings via HackenProof, following the program's responsible disclosure process and staying within its scope.
* Community highlight: Bug bounty reward announcement
  * Blog post: <https://hackenproof.com/blog/for-hackers/ston-fi-bug-bounty-reward>

If you discover a potential vulnerability, please report it through the HackenProof program above. Avoid sharing sensitive details publicly until the issue is triaged and resolved.
