All in Bits (AiB) strives to contribute toward the security of our ecosystem through internal security practices, and by working with external security researchers from the community.
If you've identified a vulnerability, please report it through one of the following venues:
- Submit an advisory through GitHub:
- GovGen Governance dApp: https://github.com/allinbits/govgen-governance-dapp/security/advisories/new
- AtomOne Governance dApp: https://github.com/allinbits/atomone-governance-dapp/security/advisories/new
- GovGen daemon: https://github.com/atomone-hub/govgen/security/advisories/new
- AtomOne daemon: https://github.com/atomone-hub/atomone/security/advisories/new
- GovGen daemon: https://github.com/atomone-hub/govgen/security/advisories/new
-
Email security [at-symbol] allinbits [dot] com. If you are concerned about confidentiality e.g. because of a high-severity issue, you may email us for PGP or Signal contact details.
-
We provide bug bounty rewards through our program at HackenProof. You must report via HackenProof in order to be eligible for rewards. A list of software in scope for our HackenProof programs can be found here:
https://hackenproof.com/company/all-in-bits/programs
We will respond within 3 business days to all received reports.
Thank you for helping to keep our ecosystem safe!
AiB frequently engages third-party security auditors to review software in the ecosystems we contribute to. Some of these projects we contribute to are listed below, along with their audit status:
-
GovGen daemon: This is a minimal fork of the popular Cosmos Gaia project, which itself is a wrapper for a version of the Cosmos SDK audited by Oak Security. We do not have any third-party audits planned for this daemon.
-
AtomOne daemon: A third-party audit is currently planned.
-
GovGen Governance dApp: Zellic produced a report for their audit of this dApp on May 7, 2024 against commit 2efa134e3adab63055d2c5a66766ee1ad67f3c03. Additionally, the audit of the AtomOne Staking Portal included the latest changes of the GovGen Governance dApp through commit 6b3fd24e96a6ce54afa9a6280cee9bc08aa653ff.
-
AtomOne Governance dApp: As a small fork of the audited GovGen Governance dApp, this dApp largely inherits its security. An additional third-party audit of this specific project or its underlying library once refactored is planned.
-
AtomOne Staking Portal: Zellic produced a report for their audit of this dApp on January 21, 2025 against commit c5969a80153959a535e6bc61905b1d990421b095.
