1Hive has an ongoing Bug Bounty program where community members can report any bugs or vulnerabilities they discover in contracts for a reward of up to $40,000. Find more information on the bounty criteria and application process on the Bug Bounty page.
Currently 1Hive does not audit it's code, see this post regarding this:
However, we did have an audit for Dandelion. ConsenSys Diligence conducted a security audit of 1Hive’s Dandelion org template and supporting apps. Dandelion orgs are a DAO template that function similarly to MolochDAO, and are comprised of a suite of modular Aragon apps that can be used in any Aragon DAO.