# Security & Trust

### **Smart Contract Overview**

SpurSwap leverages the power of **decentralized smart contracts** that interact directly with blockchain networks.\
Rather than creating new or unverified liquidity pools, SpurSwap routes transactions through **established DEX infrastructures** such as PancakeSwap, Uniswap, or SushiSwap, ensuring your funds always move through **audited, proven, and open-source protocols**.

**Key Design Highlights:**

* **No intermediary custody:** all transactions occur directly between your connected wallet and the DEX router.
* **Transparent interactions:** users can view and verify every transaction on-chain.
* **Compatibility with major networks:** supports BNB Chain, Ethereum, Polygon, Base, and other EVM-compatible blockchains.
* **Minimal permissions:** SpurSwap never requests unnecessary approvals or signatures beyond what’s required for swaps.

This ensures that users remain in **full control** of their assets from start to finish.

***

### **Transparency & Reliability**

SpurSwap’s smart contracts are developed with transparency and open verification in mind, ensuring users can review and track all swap operations directly on-chain.\
Users and developers can freely inspect our frontend code and interaction methods to confirm that:

* All swap actions are executed via **direct smart contract calls** to DEX routers.
* The platform does **not store or forward private keys, mnemonics, or sensitive data**.
* Token data and rates are pulled in **real-time** from public APIs or blockchain calls, never hardcoded or manipulated.

Additionally, we maintain open channels for:

* **Community feedback** on contract behavior and security improvements.
* **Bug reporting** or responsible disclosure to enhance protocol integrity.

Our philosophy is simple: **trust is built on openness**, not promises.

***

### **Non-Custodial Policy**

SpurSwap operates under a **strict non-custodial model**.\
This means:

* You maintain **full ownership** of your tokens at all times.
* Your wallet’s private keys never leave your device.
* SpurSwap never has the ability to withdraw, transfer, or freeze your funds.

Every swap you perform is **executed directly from your connected wallet** via smart contracts: no accounts, no deposits, and no withdrawals through SpurSwap servers.

This approach eliminates the risks associated with centralized platforms while preserving complete user sovereignty over digital assets.

***

### **How We Protect Users**

While decentralization inherently increases security, SpurSwap implements several layers of additional protection to keep users safe:

1. **Verified Token Data**\
   Token information is sourced from trusted DEX APIs and verified contract addresses to reduce the risk of fake or malicious tokens.
2. **Transaction Validation**\
   Before any swap executes, users are prompted to review transaction details, expected output, and slippage tolerance to avoid accidental loss.
3. **Smart Routing Safety**\
   The Aggregator Engine automatically chooses routes that minimize gas consumption and avoid low-liquidity pools or potential honeypots.
4. **Phishing Prevention**\
   Official SpurSwap domains are always publicly listed, and wallet connections are only initiated via secure, HTTPS-based endpoints.
5. **Data Privacy**\
   We do not track or store user activity, wallet addresses, or analytics that could compromise anonymity.\
   All session data stays locally on your browser.
6. **Community-Led Security**\
   Our roadmap includes a **public bounty program** and **third-party audit partnerships** once core features stabilize.\
   Until then, transparency, code review, and responsible user participation remain key security layers.

