Security

Atrium is testnet-first. The current deployment is intended for evaluation, integration testing, and responsible disclosure, not for production funds. This page summarizes the controls we operate and the disclosure channel for researchers.

Audit findings register

A live register of security findings, triage status, and remediation progress. This is the reference surface for ongoing review and release gating.

Protocol controls

  • Kani and property tests cover the margin and mandate invariants used by the live testnet build.
  • Dual oracle design: Chainlink plus Pyth, tolerance checks, and freshness checks on Plinth price reads.
  • Admin on the live testnet stack is a single deployer key today; the 3-of-5 Safe behind a 48h PraetorTimelock is the documented pre-mainnet gate (code in the repo, not active on the live stack).
  • ERC-7201 namespaced storage for safe upgrades.
  • Per-adapter per-block notional cap on Coffer.
  • Kill Switch path for revoking active Sigil mandates from the connected owner wallet.

Review posture

Security review is continuous across contracts, adapters, services, and frontend surfaces. Public releases include source, tests, and deployment addresses so reviewers can reproduce claims against the chain. Material issues are fixed before the affected components are represented as production-ready.

Disclose a vulnerability

Email security@useatrium.me. Include affected contracts or routes, reproduction steps, impact, and any transaction hashes. We acknowledge reports within 48 hours and prioritize issues by impact.

Bug bounty

Atrium accepts responsible disclosures during testnet. Any bounty terms, reward amounts, and formal scope will be published before a production program is opened. Until then, do not assume a guaranteed payout; report critical issues directly to security@useatrium.me.

Honest disclosures

Some testnet integrations are simulated, relayed, or gated when the upstream venue is not available on Sepolia. User-facing surfaces label those states directly so testnet behavior is never presented as production liquidity. Current disclosures are listed at /docs/honesty.