> For the complete documentation index, see [llms.txt](https://docs.pokefi.xyz/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.pokefi.xyz/reference/security.md).

# Security

PokeFi's security model rests on two foundations: a non-custodial on-chain architecture where no single party can unilaterally move funds or collateral, and a custody bridge where every title token maps to a real, insured, authenticated card. This page documents the design principles, custody and insurance, audit status, known limitations, and how to report vulnerabilities.

***

## Non-Custodial Design

Loan funds and collateral are held in program-derived addresses (PDAs) owned exclusively by the PokeFi Solana program. No human wallet holds private-key authority over any escrow account.

The only ways assets can move are:

| Action                                       | Authorization Required                                                             |
| -------------------------------------------- | ---------------------------------------------------------------------------------- |
| Fund a loan (lender USDC to borrower)        | Lender wallet signature; loan must be `open`; APR at or below the borrower maximum |
| Escrow the card (title token to escrow)      | Happens atomically when the borrower publishes a request                           |
| Repay (borrower USDC to lender)              | Borrower wallet signature; loan must be `funded`                                   |
| Release collateral (escrow to borrower)      | Program logic, on full repayment                                                   |
| Claim default (collateral to lender)         | Program logic; loan `funded` and maturity elapsed                                  |
| Cancel request (release unfunded collateral) | Borrower wallet signature; loan must be `open`                                     |

PokeFi operations staff do not have admin keys, multisig override, or any privileged instruction to seize collateral or drain escrow. There is no "admin withdraw" or "emergency drain" function on the loan escrow.

***

## Custody and Insurance

The collateral is the foundation of the product, so its custody is treated with the same rigor as the smart contracts.

* Cards are held in a professional, insured, climate-controlled vault: 24/7 monitored, fine-art-grade security, fully insured while vaulted.
* Cards are authenticated on intake against the grader's certificate and population report, and checked for counterfeit or tampered slabs.
* PokeFi publishes **proof-of-reserve attestations** that each title token maps to a real, vaulted, authenticated card.

During beta, PokeFi partners with an established custody provider rather than running its own vault, which de-risks custody, insurance, and legal title.

{% hint style="warning" %}
A card is insured while it is in the vault, not while it is in transit to the vault. Insure your shipment for its full value when you send a card in.
{% endhint %}

***

## Audit Status

{% hint style="warning" %}
**Beta disclosure.** PokeFi operates on mainnet during beta with real USDC and real collateral. This means real funds and real cards are at risk. Use only what you are prepared to lose in the event of an undiscovered vulnerability.
{% endhint %}

The core Loan and Title Token programs are audited by an independent Solana security firm before mainnet beta. The audit covers:

* All program instructions and account validation logic
* PDA ownership and signer validation on escrow accounts
* Arithmetic and precision handling in interest and total-repayment calculations
* USDC transfer safety (`transfer_checked` mint and decimal validation)
* Cross-program invocation privilege-escalation risks

The audit report is published in full here on completion, and the deployed program addresses are published and verifiable on Solana Explorer.

***

## Bug Bounty

PokeFi operates a bug bounty. If you discover a vulnerability in the Solana programs or the web application that could result in loss of user funds, loss of collateral, or compromise of user accounts, please report it responsibly.

**Contact:** <security@pokefi.xyz>

**Scope:**

| Severity | Description                                                              | Reward             |
| -------- | ------------------------------------------------------------------------ | ------------------ |
| Critical | Direct theft or permanent freezing of USDC or collateral                 | Up to $50,000 USDC |
| High     | Privilege escalation, unauthorized state transitions, collateral seizure | Up to $10,000 USDC |
| Medium   | Denial of service, loan-state manipulation without asset theft           | Up to $2,500 USDC  |
| Low      | UI/UX vulnerabilities, informational disclosures                         | Up to $500 USDC    |

**Out of scope:**

* Theoretical attacks without a proof of concept
* Issues already documented on this page
* Social engineering against PokeFi staff or the custody partner
* Issues in third-party dependencies outside PokeFi's control

Responsible disclosure means giving PokeFi at least 7 days to patch a critical vulnerability before public disclosure. We commit to responding to valid reports within 24 hours.

***

## Known Limitations

### Valuation Is an Estimate

The PokeFi Reference Price is a blended, conservative estimate, not a guaranteed sale price. A defaulted card may sell for more or less than its Reference Price. Conservative loan-to-value caps are the primary buffer against this, but they do not eliminate the risk. See [Valuation and LTV](/core-concepts/valuation-and-ltv.md).

### Illiquid Collateral

Graded Pokémon cards are far more liquid than generic collectibles, but they are not cash. A card routed to liquidation on default may take time to sell, and the eventual price is not guaranteed. Beta collateral is curated toward liquid, high-population cards to mitigate this.

### Beta Liquidation Is Managed

During beta, liquidation of a defaulted card runs through a managed channel (auction house or marketplace) rather than a fully automated on-chain venue. The venue and process are disclosed, but they involve off-chain execution.

### Legal Title Is a Live Workstream

Enforceable on-chain title to a physical asset, and the mechanism by which default transfers legal ownership to the lender, involve secured-transaction law (UCC Article 9 and Article 12 in the US). PokeFi treats this as a prerequisite settled with counsel, but it is an evolving legal area.

### Solana Network Risk

PokeFi depends on Solana. The network has historically experienced brief instability and halts. The frontend degrades gracefully to read-only during network issues, but transactions cannot be submitted during an outage, and loan maturity dates still advance in real time.

***

## Smart Contract Risk

Smart contracts can contain bugs, and even audited programs have had vulnerabilities found post-audit. Users should:

* Use only amounts, and collateral, they can afford to lose
* Verify the program addresses before signing transactions
* Be skeptical of any third-party site or integration that asks for wallet signatures against PokeFi loan or title-token accounts

The PokeFi program addresses are published and verifiable on Solana Explorer.

***

## Wallet Security

PokeFi never asks for your seed phrase or private key. If any website, application, or person asks for your seed phrase claiming to be PokeFi, it is a scam.

PokeFi transactions are initiated from the official web application only. Verify the URL in your browser before signing any transaction.

Recommended wallet practices:

* Use a hardware wallet (Ledger, or Trezor via a supported wallet) for large positions
* Keep your seed phrase offline, in multiple secure locations
* Use a dedicated wallet for PokeFi activity, separate from your primary holdings


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.pokefi.xyz/reference/security.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
