Every line of Velora’s on-chain code goes through independent third-party audits before reaching production. This page lists every audit on record, plus the wider security posture: formal verification, monitoring, and Web2 testing.
Smart-contract audits
| Surface | Auditors | Notes | Detail |
|---|
| Augustus v6.2 | Certora, PeckShield, AstraSec | Refinements to fee-claiming on top of v6.1; prior v6.1 audits remain applicable | v6.2 audits |
| Augustus v6.1 | Certora, Hexens, PeckShield, Hacken, AstraSec | First DEX aggregator with formal verification (Certora) | v6.1 audits |
| Augustus v5 | PeckShield, Solidified | Production-grade aggregator router | v5 audits |
| AugustusRFQ | PeckShield | Fungible-token RFQ contracts | RFQ audits |
Web3 security
Independent audits
Every contract that handles user funds (Augustus router, Delta settlement, Portikus, RFQ) is reviewed by at least one independent security firm before deployment. Reports are publicly disclosed.
Augustus v6.1 underwent formal verification by Certora, mathematically proving correctness for critical invariants. To our knowledge, ParaSwap was the first DEX aggregator to ship a formally-verified router.
Continuous monitoring
Live monitoring on production contracts detects abnormal flows, suspicious transaction patterns, and unexpected state transitions. Emergency pause mechanisms are in place for critical surfaces.
Web2 security
Annual third-party penetration testing covers the Velora API, the partner portal, and supporting backend infrastructure.
Reporting a vulnerability
Found something? Email security@velora.xyz with a clear description, reproduction steps, affected surfaces, and your assessment of impact. Do not file public issues or post details on social media until the team has acknowledged the report and coordinated disclosure.
Related pages
Last modified on June 10, 2026
