Professor Vaulty mascot
$VAULTY

Anti-phishing promise

Vaulty will never:

  • DM you on Telegram, Discord or email asking you to "verify" your wallet.
  • Ask for your seed phrase, recovery words or private key.
  • Run Google sign-in from anywhere other than accounts.google.com.
  • Ask you to "import" or "re-authenticate" your wallet via a link.

The only domain that owns your passkey is vaulty.world. Report anything else to security@vaulty.world.

🛡
Security Center · Mission Control
All systems operational
3 / 5
multisig
72h
timelock
24/7
monitor
01 · subsystems

Live System Status

◌ Polling subsystems…
02 · defense in depth

The Layers Between You & Loss

🔐
Wallet signature gate
Every action signed by your wallet — never us.
📊
Rate-limits & slippage caps
Per-IP + per-wallet, 30 ops/min, 3% slippage ceiling.
🛡️
Compliance agent
AI moderation + sanctions screen on chat & swaps.
📜
Immutable audit log
Append-only on Postgres — every guarded action recorded.
⏱️
72-hour timelock
Treasury moves wait 72h. You see every one before it lands.
🔏
3-of-5 Squads multisig
No single key can move the vault. Period.
🧊
Anti-rug freeze
Mint & freeze authorities revoked; LP burned on launch.
03 · authentication

Bespoke Passkey & Biometric Login System

WebAuthn Open Standard

Built on the industry-leading WebAuthn standard — the same technology trusted by banks, governments, and enterprises worldwide. No proprietary magic.

Unique Key-Pair Per Device

Every passkey creates a unique public/private key-pair tied to your account and device. Only the public key is stored on our systems — no secrets ever shared.

Unified with Wallet Biometrics

Tightly integrated with your existing Vaulty biometric and PIN unlock flows. One familiar prompt — whether you are signing in or approving a transaction.

Resists Phishing & Leaks

Passkeys are bound to vaulty.world — they cannot be tricked by fake websites. No passwords to phish, no database to leak, no brute-force to crack.

Audited & Compliant

Our passkey implementation is reviewed alongside core wallet logic, WebAuthn credential handling, and session management. Fully compliant with FIDO2 best practices.

Audit details

What's New — Enhanced Sign-In

The latest improvements to your passkey experience.

Sign in anywhere with a QR code

Scan from your phone to sign in on a new laptop or tablet in seconds. Your passkey never leaves the phone.

Instant recognition

Passkey prompt appears as soon as you start typing — no extra clicks needed.

Smoother transitions

Fewer pauses between screens, faster background loading for a seamless feel.

Move devices easily

Scan a QR code to add your passkey to a new phone or laptop in seconds.

Clearer trust controls

See last-used location and IP range; one-click "Revoke all other devices" any time.

Stronger sessions

Extra-short-lived tokens for sensitive actions — tighter security, same speed.

Better guidance

Simpler, clearer messages if your passkey isn't found or belongs to another device.

03b · oauth broker

Why You May See an oauth.lovable.app URL

When you tap Continue using your Google account, your browser briefly transits oauth.lovable.app — the OAuth broker operated by our hosting provider (Lovable). It exchanges Google's response for a short-lived session token, then hands you back to vaulty.world. We never see your Google password, and the broker never sees your wallet keys.

If your browser shows a Safe Browsing warning on that URL, it usually relates to other apps that share the broker, not to Vaulty. We recommend signing in with a passkey or your Solana wallet (Phantom / Solflare) — those flows never leave vaulty.world.

  • • Passkey sign-in — fully on vaulty.world, phish-proof.
  • • Phantom / Solflare — wallet popup, no browser redirect.
  • • Google — one quick redirect via the broker (above).
  • • You can switch methods at any time in Account → Security.
04 · transparency

Active Incidents

✅ 0 incidents · 0 funds at risk · last review never
05 · audit stream

Guarded Actions, Live

$ tail -f /var/log/vaulty/security.auditlive
swappreflightQuote audited · slippage 0.3% · route 4 hops
authsignatureWallet signature verified for ATM withdrawal
compliancemoderationTelegram message screened · clean
monitorheartbeatAll subsystems responding within SLA
multisigguardTreasury idle · 0 pending proposals
06 · contracts

Anti-Rug Status

Safety FeatureStatus
🚫Mint AuthorityREVOKED
🧊Freeze AuthorityDISABLED
🔥LP TokensBURNED
⏱️Principal AccessTIME-LOCKED
🔐Admin KeysMULTISIG
Code AuditVERIFIED
07 · governance

Permanent Security Protocol

🔒 Permanent Security Protocol
Current: Phase 1 · Team-Led + Multisig

Reserve Vault · Security & Fund Management

The Reserve holds 100% of capital raised and all revenue generated by the ecosystem. It is secured by smart contract, governed by a 2 of 3 multisig with a 72-hour public timelock, and on a phased path to full DAO ownership.

✅ Vault Stable · No Pending ActionsAll systems nominal · Multisig idle
Phase 1ACTIVE
Team-Led + Multisig

2/3 multisig + 72h timelock. Founding team operates; every action publicly delayed and broadcast.

Phase 2TRANSITIONING
Hybrid Governance

Multisig retained for emergencies; non-critical decisions opened to holder snapshot votes.

Phase 3PLANNED
Full DAO Handover

Complete community ownership. 1 $VAULTY = 1 vote. 60%+ majority required to execute any proposal.

Safety FeatureStatus
🚫Mint AuthorityREVOKED
🧊Freeze AuthorityDISABLED
🔥LP TokensBURNED
⏱️Principal AccessTIME-LOCKED
🔐Admin KeysMULTISIG
Code AuditVERIFIED

Contact & Trust

General: hello@vaulty.world · Security: security@vaulty.world · Legal: legal@vaulty.world