> For the complete documentation index, see [llms.txt](https://limelight-1.gitbook.io/limelight-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://limelight-1.gitbook.io/limelight-docs/developers/audit-and-security.md).

# Audit & Security

## Move Language Safety

Limelight's contracts are written in **Move**, whose resource-oriented model treats assets as typed resources that cannot be accidentally copied, double-spent, or destroyed. This eliminates whole classes of vulnerabilities common in older smart-contract languages (reentrancy, integer-overflow asset loss, and similar). For a platform that holds and settles user funds, this safety model is a core part of the security posture.

## Audits

Limelight's Move modules are subject to security review before and during mainnet operation.

{% hint style="info" %}
Specific audit firms, scopes, and report links will be published here as reviews complete. Do not assume a given auditor or result until it's listed.
{% endhint %}

## You Control Your Wallet

* **Trading wallets stay with users.** Limelight and its bots never hold your private keys; your wallet is secured by Privy, and only you can authorize it to move funds.
* **You authorize every bot action.** The [Discord bot](/limelight-docs/knowledge-base/discord-bot.md) and [X bot](/limelight-docs/knowledge-base/x-bot.md) act only within your own Limelight account, linked through **Privy** — they never hold your private keys, and every fund-moving action (a trade) requires your explicit confirmation. The bots can't move funds out of your account on their own.
* **Confirmations on fund-moving actions.** Any command that moves funds routes through an explicit confirmation step.

## Collateral & Oracle Considerations

* **USDCx** is a native, on-chain-backed stablecoin, which keeps third-party bridge risk out of the core collateral.
* **Pyth** price resolution binds outcomes to a verifiable on-chain value read in the resolving transaction, reducing manual-adjudication surface for price markets.

## Responsible Disclosure

If you discover a vulnerability, please report it privately to the Limelight team rather than disclosing publicly. A formal bug-bounty program and disclosure contact will be published here.

{% hint style="info" %}
See [Risks](/limelight-docs/legal/risks.md) for a plain-language summary of the risks involved in using Limelight.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://limelight-1.gitbook.io/limelight-docs/developers/audit-and-security.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
