# Security Overview

> How Auora is built so you never have to trust us.

Auora is designed around a single principle: **a player should never have to trust Auora to play Auora**.

Every security claim on this page is enforced by code, not policy. Where we say "we cannot," we mean we cannot, not that we promise not to.

<CardGroup cols={2}>
  <Card title="Non-custodial" icon="vault" href="/security/non-custodial">
    We never hold your funds, your keys, or your seed phrase.
  </Card>

  <Card title="Oracle integrity" icon="shield-check" href="/security/oracle-integrity">
    Every settlement price is cryptographically signed and on-chain verifiable.
  </Card>

  <Card title="Anti-copytrade" icon="user-secret" href="/security/anti-copytrade">
    Commit-reveal protections so nobody can mirror your picks.
  </Card>

  <Card title="Anti-Sybil" icon="users-slash" href="/security/anti-sybil">
    Tournament structure that breaks the wallet-spam economy.
  </Card>

  <Card title="Audits" icon="file-shield" href="/security/audits">
    Independent third-party security review.
  </Card>

  <Card title="Bug bounty" icon="bug" href="/security/bug-bounty">
    Real money for real findings. No legal threats.
  </Card>
</CardGroup>

## Defense in depth

We treat security as layered, not binary:

1. **Custody is removed entirely.** There is no point of compromise that lets anyone — including us — move user funds.
2. **Settlement is removed from us.** There is no admin button that lets anyone — including us — fake a price.
3. **Information is removed from the mempool.** Commit-reveal closes the front-running surface that breaks most prediction sites.
4. **Sybil economics are removed from tournaments.** Upfront full-bracket commitment makes wallet-spam strategies dominated by actually skilled play.
5. **The contracts are non-upgradeable** on the dimensions that matter. The rules of the game cannot be silently rewritten under players who are mid-round.
6. **Our admin keys are liveness-only.** They can pay gas to carry signed oracle bytes from the oracle network to the contract. They cannot mint, freeze, seize, redirect, or substitute. If the keys were stolen tomorrow, the worst the thief could do is **stop running rounds**, not steal funds.
7. **Independent monitoring.** A third-party monitoring stack watches every contract for anomalies and pages our on-call team within minutes of any deviation from expected behavior.
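
Item 3 names commit-reveal without showing what the commitment has to contain. The sketch below is an added illustration, not Auora's contract code; SHA-256, the field layout, the pick set, the round ids and the addresses are all assumptions made for the example. It checks the two properties a commitment needs to resist mirroring: a high-entropy salt, and binding to the committing player and round.

```python
import hashlib
import hmac
import secrets

PICKS = ("UP", "DOWN")  # constructed pick space, deliberately tiny


def commit(player, round_id, pick, salt):
    """Hash a pick together with the player address, round id and a random salt."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 128 bits")
    fields = [player.lower().encode(), round_id.to_bytes(8, "big"), pick.encode(), salt]
    # Length-prefix every field so two different field splits cannot hash alike.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hashlib.sha256(data).digest()


def verify_reveal(stored, player, round_id, pick, salt):
    """Accept a reveal only if it reproduces the commitment stored for this player and round."""
    if pick not in PICKS or len(salt) < 16:
        return False
    return hmac.compare_digest(stored, commit(player, round_id, pick, salt))


def recover_unsalted(digest):
    """Without a salt, a two-value pick space is recovered by hashing both options."""
    return next((p for p in PICKS if hashlib.sha256(p.encode()).digest() == digest), None)


def demo():
    alice = "0x" + "a1" * 20    # constructed addresses
    mallory = "0x" + "b2" * 20
    salt = secrets.token_bytes(32)
    c = commit(alice, 7, "UP", salt)
    return {
        "honest_reveal": verify_reveal(c, alice, 7, "UP", salt),
        # Mallory copied Alice's commitment bytes, then replays Alice's public reveal.
        "copied_commitment": verify_reveal(c, mallory, 7, "UP", salt),
        # The same commitment and reveal reused in a later round.
        "replayed_round": verify_reveal(c, alice, 8, "UP", salt),
        "changed_pick": verify_reveal(c, alice, 7, "DOWN", salt),
        "unsalted_leak": recover_unsalted(hashlib.sha256(b"UP").digest()),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the honest reveal verifies. A commitment that hashed the pick and salt alone would let a copied commitment pass once the original player reveals, which is why the address is part of the preimage.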

## What we will not do

* We will not store your private keys.
* We will not store your seed phrase.
* We will not ask for your password — there is no password.
* We will not ask you to "verify" your wallet by signing a transaction during login. Login is a free off-chain message signature, never a transaction.
* We will not DM you first on Discord, Telegram, or Twitter. If someone does, it is not us.
* We will not "recover" lost funds. Non-custodial means non-custodial.
