# 10.2 Security Design: Balancing Decentralization, Practicality, and Deterrence

The security framework of WellthVerse combines decentralized design, inherent to Web3, with practical centralized controls to ensure real-world operability and user protection.

#### User Protection

| **Risk**                 | **Countermeasure**                                                                                                                                |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| Device Theft or Loss     | Users can submit a “loss report” via the Portal; the smart contract then halts Earn functionality between the affected device and wallet.         |
| Unauthorized Access      | Login requires signed authentication.                                                                                                             |
| Wallet Replacement       | Wallet changes can only be approved via manual verification by the operator, with re-registration of ID linkage (no automatic updates permitted). |
| Fraudulent NFT Transfers | NFTs can be restricted by wallet-level settings (e.g., non-transferable mode when locked).                                                        |

#### Smart Contract Security

* External security audits are conducted to verify the safety of core contracts.
* WELV tokens, NFTs, and exchange-related functions are designed based on the principles of least privilege and owner-based restrictions.
