Security Overview
DustSwap's security model spans DustSweep, swaps, burns, spins, and the points/referral system. Key cross-cutting principles:
- Non-custodial contracts. Swap, sweep, burn, and spin actions are user-initiated transactions — you sign every action that moves your assets. Reward vaults are owner-managed but do not hold user funds beyond their stated purpose. See Non-Custodial Design & Approvals (DustSweep-specific) and Wallet Permissions.
- On-chain fee caps. The swap aggregator router and DustSweep's sweep routers enforce hard-capped fees on-chain (3% for the aggregator router). See Swap & Bridge Security and DustSweep Security Model.
- Server-side verification of rewards. Every action that pays Particle Points — swaps, sweeps, burns, spins, quests, referrals — is independently verified against real on-chain transactions or OAuth-linked accounts before any reward is credited. You cannot fake a reward by submitting arbitrary data.
- Off-chain points. Particle Points are a database-tracked balance, not a token — see Risk Disclosures.
- Allowlisted routers only. Sweep and swap contracts can only call pre-approved DEX routers — see DustSweep Security Model.
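
The kind of check the server-side verification bullet describes, as an added example rather than DustSwap's own code: the server takes only a transaction hash from the client and derives everything else from the receipt it looks up itself. The receipt fields, the placeholder contract address, the constructed chain state and the replay set are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Receipt:
    """Minimal stand-in for an on-chain transaction receipt (assumed fields)."""
    tx_hash: str
    sender: str
    to: str
    status: int  # 1 = success, 0 = reverted


# Hypothetical placeholder for the contract whose calls earn points.
REWARDED_CONTRACT = "0xrouter-placeholder"

# Constructed chain state; a real server would query its own node instead.
CHAIN = {
    "0xaaa": Receipt("0xaaa", "0xalice", REWARDED_CONTRACT, 1),
    "0xbbb": Receipt("0xbbb", "0xalice", REWARDED_CONTRACT, 0),
    "0xccc": Receipt("0xccc", "0xbob", REWARDED_CONTRACT, 1),
    "0xddd": Receipt("0xddd", "0xalice", "0xother", 1),
}


class RewardVerifier:
    def __init__(self, chain):
        self.chain = chain
        self.credited = set()  # tx hashes that have already paid out

    def verify(self, account, tx_hash):
        """Return (ok, reason). Nothing but the hash is trusted from the client."""
        account, tx_hash = account.lower(), tx_hash.lower()
        receipt = self.chain.get(tx_hash)
        if receipt is None:
            return False, "unknown transaction"
        if receipt.status != 1:
            return False, "transaction reverted"
        if receipt.sender.lower() != account:
            return False, "sender is not the claiming account"
        if receipt.to.lower() != REWARDED_CONTRACT:
            return False, "not a call to the rewarded contract"
        if tx_hash in self.credited:
            return False, "already credited"  # same tx cannot pay twice
        self.credited.add(tx_hash)
        return True, "credited"
```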