🔒Security Tips

Protecting assets and reputations is integral to the Starry ethos. Below is our multi‑layered defence model and recommended best practices.

Platform safeguards

• Client‑side encryption: Privy stores keys encrypted at rest; decryption happens only within the user’s session.

• 2FA enforcement: High‑value withdrawals (>10 SOL) trigger a mandatory one‑time passcode via your Twitter‑linked email.

• Rate‑limited endpoints: Swap and ticket‑purchase APIs are gated to prevent brute‑force exhaustion or replay.

• Code audits: Core contracts reviewed by OtterSec and posted in /audits; annual re‑audits scheduled every Q1.

• Real‑time anomaly detection: A machine‑learning monitor flags abnormal trading velocity or swap patterns for manual review.

User best practices

• Enable 2FA on Twitter to protect the social‑login root.

• Export your private key (Profile → Fantasy Wallet) and store it in a hardware wallet or offline vault.

• Verify URLs—Starry uses only app.starry.so; bookmark it and ignore DM links.

• Rotate sessions—log out from shared devices; Privy token invalidation happens instantly.

• Stay informed—subscribe to the Status page for downtime alerts and security bulletins.

Closing thought: Security is not a set‑and‑forget checkbox. Treat it as an evolving discipline and you’ll safeguard both your SOL and your reputation in the arena.

We keep it transparent, mathematical, and publicly verifiable:

P n L % = ((Final Portfolio Value – Initial Portfolio Value) / Initial Portfolio Value) × 100

• Pricing comes from a rolling TWAP fed by multiple Solana DEX pools.

• Updates propagate every 10 s; you can literally watch your rank oscillate.

• Unused SOL counts toward value; sitting in cash is a viable meta in choppy markets.

• Ties break by (1) higher trade count, then (2) earliest final trade.