# Security Hardening

> SIWE verification, token management, rate limiting, and security best practices.

## SIWE Signature Verification

Servers MUST perform full EIP-191 signature verification. Common pitfalls:

* Failing to verify that the recovered address matches the claimed address
* Accepting expired or reused nonces
* Not binding the SIWE message to the server's domain
* Accepting signatures for a different chain ID

Nonces MUST expire after 5 minutes and MUST NOT be reused.
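A verifier that closes each of the pitfalls above, as an added example (not A2G reference code). It assumes an injected `recoverAddress(message, signature)` that performs the actual EIP-191 recovery (in production, a library routine such as ethers' `verifyMessage`), and a server-side nonce store that enforces the 5-minute, single-use rule.

```javascript
// Added example, not A2G reference code: the checks that EIP-191 recovery alone does
// not cover (domain binding, chain ID, 5-minute single-use nonces, address match).
// `recoverAddress(message, signature)` is an injected dependency so this runs without
// secp256k1; in production pass a real EIP-191 recovery such as ethers' verifyMessage.
const NONCE_TTL_MS = 5 * 60 * 1000;

// Issued nonces with their expiry; `now` is injectable so expiry can be tested.
class NonceStore {
  constructor(now = Date.now) { this.now = now; this.issued = new Map(); }
  issue(nonce) { this.issued.set(nonce, this.now() + NONCE_TTL_MS); return nonce; }
  // Single use: the nonce is deleted on first presentation, valid or not.
  consume(nonce) {
    const expiresAt = this.issued.get(nonce);
    this.issued.delete(nonce);
    return expiresAt !== undefined && expiresAt > this.now();
  }
}

// Minimal EIP-4361 parser for the fields the checks below need.
function parseSiwe(text) {
  const lines = text.split('\n');
  const header = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!header) throw new Error('malformed SIWE header');
  const fields = { domain: header[1], address: lines[1] || '' };
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.*)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  return fields;
}

// Returns { ok: true, address } or { ok: false, reason }. Never trusts the claimed
// address: it must equal both the address in the signed message and the recovered signer.
function verifySiwe({ message, signature, claimedAddress }, { domain, chainId, nonces, recoverAddress }) {
  const f = parseSiwe(message);
  if (f.domain !== domain) return { ok: false, reason: 'domain mismatch' };
  if (Number(f['Chain ID']) !== chainId) return { ok: false, reason: 'chain id mismatch' };
  // Consume before recovery so a failed attempt burns the nonce and cannot be retried.
  if (!nonces.consume(f.Nonce)) return { ok: false, reason: 'nonce unknown, expired or reused' };
  const recovered = recoverAddress(message, signature).toLowerCase();
  if (recovered !== f.address.toLowerCase() || recovered !== claimedAddress.toLowerCase())
    return { ok: false, reason: 'recovered address does not match' };
  return { ok: true, address: recovered };
}
```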

## Token Management

Authentication tokens should be:

* Generated with a cryptographically secure random source
* Opaque (no embedded user data)
* Limited in lifetime (default: 24 hours)
* Never exposed in URLs, logs, or error messages

## Rate Limiting

Implement rate limiting on all endpoints. Recommended limits:

| Endpoint              | Limit                 |
| --------------------- | --------------------- |
| `/api/auth/challenge` | 10/minute per IP      |
| `/api/auth/verify`    | 5/minute per IP       |
| WebSocket messages    | 60/minute per session |
| `submit_action`       | Governed by game pace |

## Replay Protection

Servers MUST maintain a set of seen `messageId` values per session and reject duplicates. The set may be pruned after session expiry.

## Balance Integrity

Server credit balances MUST survive server restarts. Use durable storage (write-ahead log, ACID database, or event sourcing). The invariant: no credits may be created or destroyed by a server failure.

## Transport Security

* TLS 1.2 minimum, TLS 1.3 recommended
* Reject plaintext WebSocket (`ws://`) and HTTP connections in production
* Use secure WebSocket (`wss://`) and HTTPS exclusively
