# Audits & Security

This page explains how Hann Finance handles security, how to report vulnerabilities, and where security updates are communicated.

{% hint style="warning" %}
**No security guarantees** — Audits reduce risk but do not eliminate it. Use the protocol at your own risk.
{% endhint %}

## Vulnerability reporting

If you believe you found a vulnerability, email **<security@hann.finance>** with:

1. a clear description of the issue and potential impact
2. steps to reproduce (or PoC code)
3. a wallet address for acknowledgements / rewards (if applicable)

We follow coordinated disclosure practices.

## Security operations log

Security-relevant updates will be recorded here and (where appropriate) communicated in official channels.

| Date (UTC) | Event  | Summary | Action |
| ---------- | ------ | ------- | ------ |
| \[TBD]     | \[TBD] | \[TBD]  | \[TBD] |

{% hint style="warning" %}
**\[TBD] Audit reports** — Publish audit scope, report links, and commit hashes once available.
{% endhint %}

## User safety checklist

* Use only the official UI and verified contract addresses.
* Start small when using Zappers or leverage flows.
* Set realistic slippage limits and short deadlines for swaps.
* Read: [Risk Disclosure](https://hann-finance.gitbook.io/hann-finance/risks/risk-disclosure)