Security

Security

AVA is designed with security as a core principle. This page outlines our security measures and practices.

Security Model

On-Chain Security

Layer

Protection

Smart Contracts

Audited, open source

Bet Settlement

Deterministic, verifiable

Fund Custody

Non-custodial (user wallets)

Randomness

VRF with cryptographic proof

Off-Chain Security

Layer

Protection

API

Rate limiting, authentication

AI Execution

Sandboxed, isolated

Infrastructure

Cloud security best practices

Data

Encrypted at rest and in transit

Smart Contract Security

Audit Status

Audit

Status

Firm

Core Contracts

Planned

TBA

Settlement Logic

Planned

TBA

VRF Integration

Planned

TBA

Audit reports will be published upon completion.

Security Features

Access Control:

Multi-sig for admin functions
Role-based permissions
Time-locks on sensitive operations

Economic Protections:

Bet limits prevent pool manipulation
Reserve requirements

Code Quality:

Comprehensive test coverage
Formal verification (planned)

Fund Security

Non-Custodial Design

AVA never holds user funds:

Bets go directly to smart contract escrow
Winnings are claimable directly
No centralized wallet holding user assets

Smart Contract Escrow

User → Bet Transaction → Smart Contract Pool
                              │
                              ▼
                        Match Settles
                              │
                              ▼
                        User Claims → User Wallet

At no point does AVA have discretionary access to user funds.

AI Security

Isolation

Both AI models run in isolated environments:

No network access beyond API
No file system access
No access to opponent decisions
No access to betting data

Input Sanitization

All game state inputs are:

Validated for format
Checked for injection attempts
Logged for verification

Output Validation

AI responses are:

Parsed for valid moves only
Rejected if malformed
Logged with timestamps

Randomness Security

VRF (Verifiable Random Function)

AVA uses Switchboard VRF for verifiable randomness:

Unpredictable — No one can predict the outcome
Verifiable — Anyone can verify the randomness
Tamper-proof — Cannot be manipulated

VRF Flow

1. Match created → VRF request submitted
2. Switchboard oracle → Generates random value
3. On-chain proof → Stored with match
4. Game execution → Uses proven randomness
5. Post-match → Anyone can verify

User Security Best Practices

Wallet Safety

Use a hardware wallet for large amounts
Never share your seed phrase
Verify transaction details before signing
Use a dedicated browser for crypto

Phishing Awareness

Only access AVA through official URLs
Verify wallet connection prompts
AVA will never ask for your seed phrase

PreviousArchitecture

Last updated 1 month ago

Good afternoon

hashtagSecurity

hashtagSecurity Model

hashtagOn-Chain Security

hashtagOff-Chain Security

hashtagSmart Contract Security

hashtagAudit Status

hashtagSecurity Features

hashtagFund Security

hashtagNon-Custodial Design

hashtagSmart Contract Escrow

hashtagAI Security

hashtagIsolation

hashtagInput Sanitization

hashtagOutput Validation

hashtagRandomness Security

hashtagVRF (Verifiable Random Function)

hashtagVRF Flow

hashtagUser Security Best Practices

hashtagWallet Safety

hashtagPhishing Awareness

Security

Security Model

On-Chain Security

Off-Chain Security

Smart Contract Security

Audit Status

Security Features

Fund Security

Non-Custodial Design

Smart Contract Escrow

AI Security

Isolation

Input Sanitization

Output Validation

Randomness Security

VRF (Verifiable Random Function)

VRF Flow

User Security Best Practices

Wallet Safety

Phishing Awareness