Security Model
Security & Compliance
Security is the core foundation of the platform. The system is designed so that users maintain full custody of their assets while trades are executed in a provably safe and deterministic way. The platform does not hold user funds, does not act as a custodian, and does not require trust in any centralized operator.
Non-Custodial Design
The platform never takes control of user assets.
Users keep tokens and NFTs inside their own wallets at all times. Assets are only transferred during trade execution and only if both participants have signed and approved the exact trade terms.
There is no deposit system, no wallet balances stored on servers, and no withdrawal process. If the platform infrastructure becomes unavailable, user funds remain fully accessible inside their wallets.
Atomic Settlement Protection
All trades execute using atomic swap logic.
Atomic settlement means the trade either completes fully or fails completely. Partial transfers cannot occur. The smart contract performs both asset transfers inside a single transaction and reverts the entire operation if any requirement fails.
This prevents scenarios such as:
One participant sending assets without receiving the counter asset
Trade execution with modified parameters
Settlement with insufficient approvals or invalid signatures
This guarantees that both sides of a trade are enforced together.
Signature Authorization Model
Trade authorization relies on EIP-712 typed signatures.
Each trade must be signed by participants before it can be executed. These signatures cryptographically confirm:
Trade parameters
Asset types and amounts
Counterparty wallet
Expiration time
Unique nonce identifier
Signatures are verified directly by the smart contract. Orders cannot be modified or forged because any change would invalidate the signature verification.
Signatures only grant permission to execute a specific trade. They do not grant token transfer rights or wallet access.
Replay Attack Protection
Each trade contains a unique nonce value assigned by the trade creator.
Once a trade is executed or cancelled:
The nonce is permanently marked as used
The trade cannot be replayed or reused
Additionally, trade digests are tracked to prevent duplicate execution of identical orders. This dual protection ensures each signed order can only be settled once.
Expiration Enforcement
Trades include a predefined expiration timestamp.
The smart contract rejects any attempt to execute an expired trade. The frontend also filters expired orders from user dashboards to prevent accidental interactions.
Expiration protects users from:
Old trade execution after market conditions change
Orders remaining valid indefinitely
Accidental acceptance of stale trades
Counterparty Enforcement
Every trade explicitly defines the intended counterparty wallet address.
Only the designated participant can accept and execute the trade. This prevents unauthorized third parties from interacting with private peer-to-peer agreements.
Token Compatibility Safeguards
The system supports standard ERC-20 tokens and ERC-721 NFTs. Tokens that use fee-on-transfer mechanics or rebasing supply models are intentionally rejected because they can break deterministic trade settlement.
Restricting token compatibility ensures predictable and verifiable swap execution.
Allowance Safety
Users must grant token approval to the smart contract before execution. Approval allows the contract to transfer only the exact trade amount during settlement.
The contract does not retain allowances or move tokens outside the execution context. Users can revoke allowances at any time using their wallet or blockchain explorer tools.
Database Security Model
Off-chain infrastructure is used only for indexing and order delivery.
Stored trade data includes signed order payloads and metadata, but this information cannot move funds or authorize transfers. Even if database entries were modified, trades would fail on-chain because signature verification would not match the original order.
Database protections include:
Wallet-scoped order retrieval
Access control rules
Immutable trade hashing
Status locking after execution
The blockchain remains the final source of truth for trade validity.
Smart Contract Security Practices
The smart contract follows multiple defensive programming standards:
Reentrancy protection
Strict input validation
Zero-address prevention
Token duplication checks
Nonce tracking
Signature verification before settlement
All-or-nothing execution logic
The contract intentionally avoids administrative controls such as pausing, upgrade keys, or emergency withdrawal mechanisms. Removing administrative authority eliminates centralized risk and reinforces trustless operation.
User Responsibility Model
Users remain responsible for:
Verifying trade details before signing
Confirming correct token contracts
Managing wallet security
Revoking approvals when necessary
Protecting private keys and wallet access
The platform cannot reverse completed blockchain transactions. Users should always review signing prompts carefully before confirming trades.
Compliance Considerations
The platform functions as decentralized infrastructure rather than a brokerage or custodial exchange. It does not:
Hold user funds
Execute trades on behalf of users
Provide investment advice
Act as a marketplace intermediary
Peer-to-peer trades occur directly between participants. Users are responsible for complying with regulations applicable to their jurisdiction when trading digital assets or engaging in fiat-related agreements.
Risk Disclosure
While the system is designed for strong security, blockchain transactions always carry inherent risks, including:
User signing errors
Malicious or fraudulent counterparties
Unsupported token mechanics
Market volatility during trade negotiation
Wallet or device compromise
Atomic execution prevents settlement imbalance but cannot prevent users from agreeing to unfavorable trade terms.
Security Philosophy
The platform security model follows a single principle:
Control remains with users, enforcement remains with the blockchain, and infrastructure remains replaceable.
This separation reduces single points of failure and strengthens long-term reliability.
Last updated