Security — Audits & Bug Bounty

Security is fundamental to STON.fi. Below are the public audits, continuous monitoring resources, and our active bug bounty program for responsible disclosure.

Audits and Reviews

• Trail of Bits — STON.fi TON AMM DEX v2 Security Review (Jan 2025)

  • PDF: https://github.com/trailofbits/publications/blob/master/reviews/2025-01-stonfi-ton-amm-dex-v2-securityreview.pdf

• Omniston escrow contracts audit — no critical issues found

  • Blog post: https://blog.ston.fi/omniston-escrow-contracts-audited/

  • Summary: Initial audit of Omniston’s escrow contracts completed with no critical issues found (per the STON.fi blog; reviewed by the TonTech team).

• Continuous monitoring — CertiK Skynet

  • Project page: https://skynet.certik.com/projects/ston-fi

Bug Bounty

• Program: STON.fi DEX Smart Contracts v2 on HackenProof

  • Program page: https://hackenproof.com/programs/ston-dot-fi-dex-smart-contracts-v2

  • Notes: Public, severity-based rewards. Please submit findings via HackenProof following their responsible disclosure process and scope.

• Community highlight: Bug bounty reward announcement

  • Blog post: https://hackenproof.com/blog/for-hackers/ston-fi-bug-bounty-reward

If you discover a potential vulnerability, please report it through the HackenProof program above. Avoid sharing sensitive details publicly until the issue is triaged and resolved.