Non-Custodial Design¶
Sera is a fully non-custodial exchange. Vault balances are held in on-chain smart contracts on Ethereum — never by Sera. This page explains what that means, how it works, and why it matters.
What Does Non-Custodial Mean?¶
On a custodial exchange, you transfer your tokens to the exchange and trust them to keep your funds safe. If the exchange is hacked, goes offline, or acts maliciously, your funds are at risk.
On Sera, this is not the case. Deposited tokens are held in audited, open-source smart contracts deployed on Ethereum. These contracts enforce deposits, trading, settlement, and withdrawals through code that anyone can verify. Sera cannot take custody of your funds or seize them; compliance controls may restrict platform-mediated activity, but direct emergency withdrawal remains available for Vault balances.
What Sera Controls vs. What It Doesn't¶
| Component | What it does | Has access to your funds? |
|---|---|---|
| Vault contract | Stores deposited tokens with per-user ledger balances | On-chain custody only |
| Sera contract | Settles matched trades and enforces withdrawals | On-chain custody only |
| Off-chain matching | Matches buy and sell orders (CLOB) | No |
| API | Accepts orders and serves market data | No |
Sera's off-chain services exist solely to match orders. They do not custody your tokens. All fund movements happen on-chain through the smart contracts.
How Your Funds Stay Safe¶
During Trading¶
When you deposit tokens into the Vault, they move from your wallet into the Vault smart contract — not to Sera. The contract tracks your balance under your address. When you place a limit order, your collateral is frozen in the contract. When your order fills, settlement is a ledger update inside the vault — no token movement and no gas cost per trade. This lets professional market makers and financial institutions trade continuously after a single deposit, without paying gas on every fill. At every step, the smart contracts enforce the rules.
During Swaps¶
Swaps don't require a Vault deposit. The system builds the transaction and you sign it with your wallet — because the parameters are structured as EIP-712 typed data, you can review exactly what you're signing (tokens, amounts, recipient) before approving. Settlement then happens atomically on-chain. Sera's off-chain service facilitates the quote but does not custody your tokens.
If Sera Goes Offline¶
If Sera's API or off-chain services ever become unavailable, you can recover Vault balances — including balances frozen in open orders — by calling emergencyWithdraw() directly on the Sera smart contract. This works without any interaction with Sera's servers.
The emergency withdrawal process:
- Call
emergencyWithdraw(token, amount)on the Sera contract - Wait ~24 hours (~7,200 blocks) — this delay prevents abuse
- Call
emergencyWithdraw(token, amount)again to execute
See Emergency Withdrawal for the full contract reference.
What If Sera's Servers Are Hacked?¶
If an attacker compromises Sera's public API or matching services, the smart contracts still enforce signatures and settlement rules.
Here's why: Sera's off-chain systems do not custody your tokens. Fund movements are executed by on-chain smart contracts and require valid authorization. An attacker who compromises public services cannot:
- Withdraw your funds from the Vault without valid authorization
- Settle trades outside the signed limits
- Bypass the smart contract rules
A major remaining risk is signing a malicious transaction — for example, a swap with manipulated parameters. Because Sera uses EIP-712 typed data signing, your wallet displays the details (token addresses, amounts, recipient) before you approve. Review those fields before signing.
| Scenario | Risk to your funds |
|---|---|
| Sera's API is compromised | Off-chain services cannot custody or withdraw your tokens |
| Attacker modifies order matching | Settlement still requires valid signatures and on-chain rules |
| Attacker sends you a malicious transaction to sign | Only if you sign it without reviewing — your wallet shows full details via EIP-712 |
| Attacker tries to call contracts directly | Fails — contracts require your signature for any fund movement |
This is the core advantage of non-custodial design: the security of your funds depends on the smart contracts and your own signatures — not on the security of Sera's servers.
Open Source & Auditable¶
All smart contracts are open source. Anyone can:
- Read the contract code to verify the rules
- Independently audit the contracts
- Verify that deployed contracts match the published source code
This transparency is fundamental to the non-custodial property — you don't have to trust Sera, you can verify.
Audit Reports¶
Sera's smart contracts have been independently audited. See the dedicated Audit Reports page for the full list and per-contract source links, or browse the audit folder directly on GitHub.
Summary¶
| Question | Answer |
|---|---|
| Who holds my funds? | The on-chain Vault smart contract |
| Can Sera access my funds? | Off-chain services do not custody your tokens |
| Can I withdraw? | Yes — via the API, or through the delayed emergency-withdrawal flow if the API is down |
| Are the contracts open source? | Yes — fully auditable. See Audit Reports. |
| What if Sera disappears? | You recover Vault balances through emergency withdrawal |
| What if Sera's servers are hacked? | Smart-contract rules still require valid authorization for fund movement |