Documentation Index
Fetch the complete documentation index at: https://new-docs.velora.xyz/llms.txt
Use this file to discover all available pages before exploring further.
Every line of Velora’s on-chain code goes through independent third-party audits before reaching production. This page lists every audit on record, plus the wider security posture — formal verification, monitoring, and Web2 testing.
Smart-contract audits
| Surface | Auditors | Notes | Detail |
|---|
| Augustus v6.2 | 3 independent firms | Refinements to fee-claiming on top of v6.1; prior v6.1 audits remain applicable | v6.2 audits |
| Augustus v6.1 | Certora, Hexens, Peckshield, Hacken, Astrasec | First DEX aggregator with formal verification (Certora) | v6.1 audits |
| Augustus v5 | Independent auditors | Production-grade aggregator router | v5 audits |
| Augustus RFQ | Independent auditor | Fungible-token RFQ contracts | RFQ audits |
Audit report PDFs are currently hosted on the legacy developers.velora.xyz site. They will be mirrored into this repo as the migration completes.
Web3 security
Independent audits
Every contract that handles user funds — Augustus router, Delta settlement, Portikus, RFQ — is reviewed by at least one independent security firm before deployment. Reports are publicly disclosed.
Augustus v6.1 underwent formal verification by Certora, mathematically proving correctness for critical invariants. To our knowledge, ParaSwap was the first DEX aggregator to ship a formally-verified router.
Continuous monitoring
Live monitoring on production contracts detects abnormal flows, suspicious transaction patterns, and unexpected state transitions. Emergency pause mechanisms are in place for critical surfaces.
Web2 security
Annual third-party penetration testing covers the Velora API, the partner portal, and supporting backend infrastructure.
Reporting a vulnerability
Found something? Email security@velora.xyz with a clear description, reproduction steps, affected surfaces, and your assessment of impact. Do not file public issues or post details on social media until the team has acknowledged the report and coordinated disclosure.
Related pages
