Non-Custodial Design¶
Sera is a fully non-custodial exchange. Your funds are always held in on-chain smart contracts on Ethereum — never by Sera. This page explains what that means, how it works, and why it matters.
What Does Non-Custodial Mean?¶
On a custodial exchange, you transfer your tokens to the exchange and trust them to keep your funds safe. If the exchange is hacked, goes offline, or acts maliciously, your funds are at risk.
On Sera, this is not the case. Your tokens are held in audited, open-source smart contracts deployed on Ethereum. These contracts enforce all rules — deposits, trading, settlement, and withdrawals — through code that anyone can verify. Sera's team cannot move your funds, freeze them arbitrarily, or prevent you from withdrawing.
What Sera Controls vs. What It Doesn't¶
| Component | What it does | Has access to your funds? |
|---|---|---|
| Vault contract | Stores deposited tokens with per-user ledger balances | On-chain custody only |
| Sera contract | Settles matched trades and enforces withdrawals | On-chain custody only |
| Off-chain matching | Matches buy and sell orders (CLOB) | No |
| API | Accepts orders and serves market data | No |
Sera's off-chain services exist solely to match orders. They never hold, control, or have access to your tokens. All fund movements happen on-chain through the smart contracts.
How Your Funds Stay Safe¶
During Trading¶
When you deposit tokens into the Vault, they move from your wallet into the Vault smart contract — not to Sera. The contract tracks your balance under your address. When you place a limit order, your collateral is frozen in the contract. When your order fills, settlement is a ledger update inside the vault — no token movement and no gas cost per trade. This lets professional market makers and financial institutions trade continuously after a single deposit, without paying gas on every fill. At every step, the smart contracts enforce the rules.
During Swaps¶
Swaps don't require a Vault deposit. The system builds the transaction and you sign it with your wallet — because the parameters are structured as EIP-712 typed data, you can review exactly what you're signing (tokens, amounts, recipient) before approving. Settlement then happens atomically on-chain. Sera's off-chain service only facilitates the quote — it never touches your tokens.
If Sera Goes Offline¶
If Sera's API or off-chain services ever become unavailable, you can always recover your funds — including frozen balances — by calling emergencyWithdraw() directly on the Sera smart contract. This works without any interaction with Sera's servers.
The emergency withdrawal process:
- Call
emergencyWithdraw(token, amount)on the Sera contract - Wait ~24 hours (~7,200 blocks) — this delay prevents abuse
- Call
emergencyWithdraw(token, amount)again to execute
See Emergency Withdrawal for the full contract reference.
What If Sera's Servers Are Hacked?¶
Even if an attacker gains full control of all of Sera's off-chain infrastructure, your funds remain safe as long as you don't sign a malicious transaction.
Here's why: Sera's off-chain systems have zero access to your tokens. All fund movements are executed by on-chain smart contracts and require your cryptographic signature. An attacker who compromises Sera's servers cannot:
- Withdraw your funds from the Vault
- Modify your balances
- Settle trades you didn't agree to
- Bypass the smart contract rules
The only attack vector would be tricking you into signing a malicious transaction — for example, a swap with manipulated parameters. But because Sera uses EIP-712 typed data signing, your wallet displays the exact details (token addresses, amounts, recipient) before you approve. As long as you review what you sign, a compromised backend cannot steal your funds.
| Scenario | Risk to your funds |
|---|---|
| Sera's API is compromised | None — off-chain services can't move tokens |
| Attacker modifies order matching | None — settlement still requires valid signatures and on-chain rules |
| Attacker sends you a malicious transaction to sign | Only if you sign it without reviewing — your wallet shows full details via EIP-712 |
| Attacker tries to call contracts directly | Fails — contracts require your signature for any fund movement |
This is the core advantage of non-custodial design: the security of your funds depends on the smart contracts and your own signatures — not on the security of Sera's servers.
Open Source & Auditable¶
All smart contracts are open source. Anyone can:
- Read the contract code to verify the rules
- Independently audit the contracts
- Verify that deployed contracts match the published source code
This transparency is fundamental to the non-custodial guarantee — you don't have to trust Sera, you can verify.
Audit Reports¶
Sera's smart contracts have been independently audited. See the dedicated Audit Reports page for the full list and per-contract source links, or browse the audit folder directly on GitHub.
Summary¶
| Question | Answer |
|---|---|
| Who holds my funds? | The on-chain Vault smart contract |
| Can Sera access my funds? | No — off-chain services never touch your tokens |
| Can I withdraw anytime? | Yes — via the API, or directly on-chain if the API is down |
| Are the contracts open source? | Yes — fully auditable. See Audit Reports. |
| What if Sera disappears? | You withdraw directly on-chain via emergency withdrawal |
| What if Sera's servers are hacked? | Your funds are safe — attackers can't move tokens without your signature |