Security & Audits
At Huma, robust security is embedded at every layer—from smart contracts and backend systems to user interfaces and internal operations—ensuring LPs can participate with confidence.
Minimized Admin Rights
All administrative functions are secured with multisigs, so no single party can act alone. Our smart contracts are specifically engineered to allow admin control over the protocol treasury while preventing access to user funds. This design offers optimal protection for LP funds: even if a multisig were ever compromised, attackers would be unable to access user assets.
Top-Tier Audits
Before any major update goes live on mainnet, it undergoes a comprehensive audit. Our contracts are rigorously reviewed by leading security firms across multiple ecosystems:
EVM smart contracts audited by Spearbit
↳ [Audit Report 1] ↳ [Audit Report 2]
Stellar contracts audited by Certora
↳ [Audit Report].
We also maintain an active bug bounty program in collaboration with Spearbit/Cantina to encourage ongoing white-hat reviews.
Infrastructure & Operational Security
Security doesn't stop at smart contracts. We've implemented strong protection across our infrastructure and team operations:
End-to-end penetration testing of backend systems
Device-level monitoring and endpoint protection (EDR + DM) for all team members
At Huma, we are committed to continuously enhancing our security posture as the protocol evolves, ensuring a secure environment for all participants.
Last updated