# Why Trust SBS!?

### 🔒 **Security Is Not a Feature — It’s Our Foundation**

In a world of hacked wallets, rug pulls, and fake volume, **trust is earned through code, not promises**. We don’t just *say* we’re secure; **we prove it with on-chain verification & zero-trust architecture**.

### 🛡️ **1. Jupiter Ultra: The Only Swap Engine We Trust**

> **You never sign blind. We never touch your instructions.**

| What Others Do                                                                   | What We Do                                                                                |
| -------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| Build transactions on backend → can insert hidden fees or malicious instructions | **100% Jupiter Ultra API** → Transactions are pre-built by Jupiter’s battle-tested router |
| Backend signs or modifies tx                                                     | **Frontend deserializes & signs locally** → You see *exactly* what you sign               |
| Custom instructions = attack surface                                             | **Zero custom instructions** → No way to manipulate swaps                                 |

**Result**: Your swap is impossible to tamper with.

### ✅ **2. On-Chain Points: No Fake Volume, No Bots, No Bullshit**

> **Every point is backed by a real, verified Solana transaction.**

| Vulnerability               | Fixed How                                                                                                   |
| --------------------------- | ----------------------------------------------------------------------------------------------------------- |
| Fake points via spoofed API | **On-chain verification**: We fetch getParsedTransaction() and validate amount, signer, and Jupiter program |
| Replay attacks              | **One-time use**: transactionSignature stored in DB — claim once, forever                                   |
| Inflated volume             | **Amount delta check**: Post - pre token balance must match your claim (±0.01)                              |
| Stolen tx credits           | **Signer must = your wallet** — no using someone else’s swap                                                |

**See for yourself**: Every leaderboard entry links to **Solscan** with the exact transactionSignature.

### 🔐 **3. Wallet Ownership is Ironclad Proof**

> **No session cookies. No JWT. Just Solana signatures.**

```
// You sign: { ts: 171287123, path: "/api/points-update" }
// We verify with nacl.sign.detached.verify()
```

* **No endpoint accepts wallet address without a fresh signature**
* **Timed expiry** on signed messages
* **Path-specific messages** prevent replay across endpoints
* **Applied to**: /user-stats, /buy-sets, /points-update, /swap-history
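
The checks in this list, written out as an added example (not SBS's own code). It verifies an Ed25519 signature over the signed `{ ts, path }` message, then enforces path binding and expiry. Assumptions: the `verifySignedRequest` helper, the 60-second window, the 5-second clock-skew tolerance and the `/api/buy-sets` path are hypothetical, and Node's built-in `crypto` stands in for `nacl.sign.detached.verify` so the block runs without dependencies.

```javascript
// Added example, not SBS code. Uses Node's built-in Ed25519 instead of tweetnacl.
const crypto = require("node:crypto");

const MAX_AGE_SECONDS = 60; // assumed window; the page gives no value
const MAX_SKEW_SECONDS = 5; // assumed tolerance for client clocks running ahead
// DER header that turns a raw 32-byte Ed25519 key into an SPKI structure.
const SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");

// message: the exact JSON string the wallet signed; rawPubKey: claimed wallet key.
function verifySignedRequest({ message, signature, rawPubKey }, requestPath, nowSeconds) {
  if (rawPubKey.length !== 32 || signature.length !== 64) return "malformed";
  const key = crypto.createPublicKey({
    key: Buffer.concat([SPKI_PREFIX, rawPubKey]), format: "der", type: "spki",
  });
  // Check the signature over the received bytes before parsing any field.
  if (!crypto.verify(null, Buffer.from(message), key, signature)) return "bad-signature";
  let parsed;
  try { parsed = JSON.parse(message); } catch { return "malformed"; }
  if (parsed === null || !Number.isInteger(parsed.ts) || typeof parsed.path !== "string") return "malformed";
  // Path binding: a message signed for one endpoint is useless on another.
  if (parsed.path !== requestPath) return "wrong-path";
  // Timed expiry: reject old messages and ones dated in the future.
  const age = nowSeconds - parsed.ts;
  if (age > MAX_AGE_SECONDS || age < -MAX_SKEW_SECONDS) return "expired";
  return "ok";
}

// Constructed demo: throwaway keys, fixed clock, and an "/api/buy-sets" path assumed
// from the page's endpoint list.
function demo() {
  const wallet = crypto.generateKeyPairSync("ed25519");
  const stranger = crypto.generateKeyPairSync("ed25519");
  const rawPubKey = wallet.publicKey.export({ format: "der", type: "spki" }).subarray(12);
  const now = 1700000000;
  const signWith = (privateKey, body) => {
    const message = JSON.stringify(body);
    return { message, signature: crypto.sign(null, Buffer.from(message), privateKey), rawPubKey };
  };
  const body = { ts: now, path: "/api/points-update" };
  const fresh = signWith(wallet.privateKey, body);
  return {
    valid: verifySignedRequest(fresh, "/api/points-update", now + 10),
    crossEndpoint: verifySignedRequest(fresh, "/api/buy-sets", now + 10),
    stale: verifySignedRequest(fresh, "/api/points-update", now + 3600),
    wrongSigner: verifySignedRequest(signWith(stranger.privateKey, body), "/api/points-update", now),
    tampered: verifySignedRequest({ ...fresh, message: fresh.message.replace("points-update", "buy-sets") }, "/api/buy-sets", now),
  };
}

console.log(demo());
```

In this sketch a signed message is still accepted more than once on its own path until the window closes. Recording each accepted signature until it expires would make it single-use.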

**Result**: An attacker would need **your private key** to act as you. Game over.

### 🚀 **Viral Growth, But Never at the Cost of Trust**

We **reward real usage**, not bots:

| Mechanism               | Trust Guarantee                                             |
| ----------------------- | ----------------------------------------------------------- |
| **Referral Bonus**      | Only paid if **referrer’s wallet has verified swap volume** |
| **Airdrop Eligibility** | Gated by **on-chain points** — no sybil, no fake accounts   |
| **Leaderboard**         | Public transactionSignature → anyone can verify             |

### 🏆 **Trusted by Design, Verified by Solana Blockchain**

| Claim                              | Proof                                 |
| ---------------------------------- | ------------------------------------- |
| **No backend transaction control** | Jupiter Ultra builds all instructions |
| **No fake points**                 | Every point = verified on-chain swap  |
| **No data leaks**                  | Wallet-signed access only             |
| **No hidden fees**                 | Referral wallet locked in env         |
