Security, audits & contracts
The routing layer is non-custodial: it never holds your funds or keys, so there is no pooled balance to freeze or lose. Everything a security researcher would ask for — audit scope, reports, deployed addresses, and a bounty — lives on this page, in full, not summarized.
Architecture: non-custodial by design
A swap moves value directly between your wallet and third-party liquidity venues through the router and its quote signer. The protocol takes no ownership or unilateral control of assets in transit. There is no custodial account, so the largest class of exchange failure — lost or frozen customer balances — cannot occur here by construction.
Audits
Core router & settlement ◔ IN PROGRESS
Independent audit of the router, quote signer and settlement contracts is underway ahead of mainnet. The full report — findings, severities and remediations — will be published here verbatim, not as a marketing summary.
Cross-chain message verification ◔ SCHEDULED
Second review focused on the bridge-message and refund paths, scoped separately so the highest-risk surface gets dedicated eyes.
Auditors and report links appear here on completion. No launch to mainnet before both pass.
Bug bounty
A scoped bounty covers the router, quote signer, settlement and refund paths. Findings are triaged fast; rewards are assessed per report and scaled by severity and demonstrated impact.
Submit a finding
Email [email protected] — rewards are discussed per report. In scope: on-chain contracts + quote signer. Out of scope: third-party venues, testnet, and social engineering.
Deployed contracts
Every deployed address will be listed here and verifiable on its chain’s explorer. No unreadable proxy; upgrade authority is behind a time-lock so any change is visible before it takes effect.
| Contract | Chain | Address | Status |
|---|---|---|---|
| Router | Ethereum | 0x… (at launch) | pending |
| Settlement | Ethereum | 0x… (at launch) | pending |
| Quote signer | off-chain + on-chain verify | 0x… (at launch) | pending |
| Router | Solana | … (at launch) | pending |
| Time-lock | Ethereum | 0x… (at launch) | pending |
Report a vulnerability
Security contact: [email protected] (PGP key publishes at launch), or @toptraders0x on Telegram. Please disclose responsibly and give us a reasonable window to remediate before going public.
Pre-launch demo. Contract addresses, audit reports and bounty terms are placeholders until mainnet and do not yet represent deployed code.