Corewilds Security

Security

Corewilds treats the server as the authority for economy events and keeps wallet custody out of the product.

Trust architecture

A voxel economy cannot trust the browser blindly. The client is where players see the world and send input, but meaningful reward events must be checked by the server. Corewilds's reward queue is designed around that principle. Mining, kills, drops, resource movement and claim activity can be reviewed before anything becomes eligible for later settlement.

Anti-abuse logic includes rate limits, cooldowns, suspicious mining detection, unusual kill pattern review and queue caps. These systems do not make the economy perfect, but they create friction against scripted extraction and give operators a way to pause questionable activity.

Wallet verification is planned around signatures and public address mapping. Corewilds should not ask for private keys and should not act as a custodial wallet. Account mapping can connect a player identity to a wallet while leaving control with the user.

Security Layers

Server authority

Client reward claims are never treated as final authority.

Rate limits

Mining and combat activity can be capped per time window.

Suspicious flags

Unusual patterns can enter review instead of settlement.

Wallet signatures

Planned verification without private key storage.

Admin secrets

Administrative routes stay protected by server-side secrets.

Backups

World backups and exports support recovery and auditing.

No custody

Corewilds does not need to hold user private keys.

Queue review

Eligible events remain subject to approval and policy.