All in Bits strives to contribute toward the security of our ecosystem through internal security practices, and by working with external security researchers from the community.

If you've identified a vulnerability, please report it through one of the following venues:

• Submit an advisory through GitHub: https://github.com/atomone-hub/atomone/security/advisories/new
• Email security [at-symbol] tendermint [dot] com. If you are concerned about confidentiality e.g. because of a high-severity issue, you may email us for PGP or Signal contact details.
• We provide bug bounty rewards through our program at HackenProof. You must report via HackenProof in order to be eligible for rewards.

We will respond within 3 business days to all received reports.

Thank you for helping to keep our ecosystem safe!

• March 2025: The security firm Zellic conducted a source code audit of the AtomOne daemon and published a report on March 11, 2025. Zellic has independently published this report here with a SHA-256 hash of 60625f148263829921f7b8cc4a065290b197ddb869ba821f7dc4cfe4a4f96ff1. The audit scope was the whole codebase with a specific focus on the new x/photon module and the dynamic deposit proposal from the x/gov/ module.