> For the complete documentation index, see [llms.txt](https://docs.huma.finance/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.huma.finance/ecosystem-resources/security-audits.md).

# Security & Audits

At Huma, robust security is embedded at every layer—from smart contracts and backend systems to user interfaces and internal operations—ensuring LPs can participate with confidence.

## **Minimized Admin Rights**

All administrative functions are secured with multisigs, so no single party can act alone. Our smart contracts are specifically engineered to allow admin control over the protocol treasury while preventing access to user funds. This design offers optimal protection for LP funds: even if a multisig were ever compromised, attackers would be unable to access user assets.

## **Top-Tier Audits**

Before any major update goes live on mainnet, it undergoes a comprehensive audit. Our contracts are rigorously reviewed by leading security firms across multiple ecosystems:

* **Solana** programs audited by **Halborn** and **Sec3**

  ↳ *\[*[*Huma Prime Audit Report*](https://github.com/sec3-service/reports/blob/master/reports/sec3_huma_vault.pdf)*]* ↳ *\[*[*Incremental Audit Report 1*](https://github.com/sec3-service/reports/blob/master/reports/sec3_huma_vault_incremental_20260131.pdf)*]*

  ↳ *\[*[*Huma 2.0 Audit Report*](https://www.halborn.com/audits/huma-finance/solana-programs-060022)*]* ↳ *\[*[*Incremental Audit Report 1*](https://www.halborn.com/audits/huma-finance/huma-solana-programs-687cbd)*]* ↳ *\[*[*Incremental Audit Report 2*](https://github.com/sec3-service/reports/blob/master/reports/sec3_huma_permissionless_incremental_20260512.pdf)*]* ↳ *\[*[*Incremental Audit Report 3*](https://github.com/sec3-service/reports/blob/master/reports/sec3_huma_permissionless_pr407_incr_20260608.pdf)*]*

  ↳ *\[*[*Huma Institutional Audit Report*](https://www.halborn.com/audits/huma-finance/huma---pr-124-d3c7e8)*]* ↳ *\[*[*Incremental Audit Report 1*](https://www.halborn.com/audits/huma-finance/huma---solana-program-audit-pr-113-2b46cf)*]*
* **EVM** smart contracts audited by **Spearbit**

  ↳ *\[*[*Audit Report 1*](https://github.com/00labs/huma-contracts-v2/blob/develop/audit/spearbit.pdf)*]* ↳ *\[*[*Audit Report 2*](https://github.com/00labs/huma-contracts-v2/blob/develop/audit/spearbit-incremental-Nov-2024.pdf)*]*
* **Stellar** contracts audited by **Certora**

  ↳ *\[*[*Audit Report*](https://certora.cdn.prismic.io/certora/Z0dE1pbqstJ971DG_HumaCertoraAuditReport.pdf)*]*.

We also maintain an active **bug bounty program** in collaboration with **Spearbit/Cantina** to encourage ongoing white-hat reviews.

## **Infrastructure & Operational Security**

Security doesn't stop at smart contracts. We've implemented strong protection across our infrastructure and team operations:

* **End-to-end penetration testing** of backend systems
* **Device-level monitoring and endpoint protection** (EDR + DM) for all team members

At Huma, we are committed to continuously enhancing our security posture as the protocol evolves, ensuring a secure environment for all participants.
