Security is the highest priority of the Themis Protocol. All members of the Themis community working on the protocol have invested considerable effort to ensure the safety and dependability of the Protocol. All contract codes and balances are publicly verifiable, and security researchers are eligible for a bug bounty for reporting undiscovered vulnerabilities.
The Themis community believes that size, visibility, and time are the true test for the security of a smart contract platform. Please review the following security audits and make your own determination of security and suitability. If you would like to help ensure the security of the protocol, please contact [email protected]
The Themis community values the input of white hat hackers working in good faith to help maintain the highest standards for the security and safety of the Themis ecosystem. While the Themis Protocol has gone through professional audits and formal verification, it depends on new technology that may contain undiscovered vulnerabilities. The Themis community encourages its members to audit all contracts and security and to responsibly disclose any issues. The Themis Bounty Program was created to recognize the value of working with a community of independent security researchers, and aims to identify and rectify any issues in good faith.
This bounty program applies to Themis's smart contracts and app and is focused on preventing:
- Thefts and freezing of principal of any amount
- Thefts and freezing of unclaimed yield of any amount
- Theft of governance funds
- Governance activity disruption
- Website uptime disruption
- User data leaks
- Deletion of user data
- Access to sensitive pages without authorization
Submit all bug bounty disclosures to [email protected]. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. Themis will follow up promptly with an acknowledgment of the disclosure.