> ## Documentation Index
> Fetch the complete documentation index at: https://digraphsas-docs-cli.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Velora smart contract audits

> Velora's smart-contract audits and security approach across Augustus, RFQ, and supporting infrastructure.

Every line of Velora's on-chain code goes through independent third-party audits before reaching production. This page lists every audit on record, plus the wider security posture: formal verification, monitoring, and Web2 testing.

## Smart-contract audits

| Surface       | Auditors                                      | Notes                                                                           | Detail                                                  |
| ------------- | --------------------------------------------- | ------------------------------------------------------------------------------- | ------------------------------------------------------- |
| Augustus v6.2 | Certora, PeckShield, AstraSec                 | Refinements to fee-claiming on top of v6.1; prior v6.1 audits remain applicable | [v6.2 audits](/resources/security/audits/augustus-v6-2) |
| Augustus v6.1 | Certora, Hexens, PeckShield, Hacken, AstraSec | First DEX aggregator with formal verification (Certora)                         | [v6.1 audits](/resources/security/audits/augustus-v6-1) |
| Augustus v5   | PeckShield, Solidified                        | Production-grade aggregator router                                              | [v5 audits](/resources/security/audits/augustus-v5)     |
| AugustusRFQ   | PeckShield                                    | Fungible-token RFQ contracts                                                    | [RFQ audits](/resources/security/audits/augustus-rfq)   |

## Web3 security

### Independent audits

Every contract that handles user funds (Augustus router, Delta settlement, Portikus, RFQ) is reviewed by at least one independent security firm before deployment. Reports are publicly disclosed.

### Formal verification

Augustus v6.1 underwent **formal verification by Certora**, mathematically proving correctness for critical invariants. To our knowledge, ParaSwap was the first DEX aggregator to ship a formally-verified router.

### Continuous monitoring

Live monitoring on production contracts detects abnormal flows, suspicious transaction patterns, and unexpected state transitions. Emergency pause mechanisms are in place for critical surfaces.

## Web2 security

Annual third-party penetration testing covers the Velora API, the partner portal, and supporting backend infrastructure.

## Reporting a vulnerability

Found something? Email [security@velora.xyz](mailto:security@velora.xyz) with a clear description, reproduction steps, affected surfaces, and your assessment of impact. Do not file public issues or post details on social media until the team has acknowledged the report and coordinated disclosure.

## Related pages

* [Augustus v6.2 audits](/resources/security/audits/augustus-v6-2)
* [Augustus v6.1 audits](/resources/security/audits/augustus-v6-1)
* [Chains & contracts](/resources/chains-and-contracts)