Security Model
GO Swap is built with security as the highest priority, following industry best practices for decentralized protocols.
Non-Custodial Design
The core security principle of GO Swap is non-custodial architecture:
🔒 Users keep control of private keys - No centralized custody of funds
🔒 Smart contracts are immutable - Cannot be changed after deployment
🔒 No centralized fund custody - All assets remain in user wallets or transparent smart contracts
🔒 Transparent on-chain execution - All transactions are publicly verifiable
Smart Contract Security
Audit Status
Current: Pending professional audit
Planned:
- Third-party security audit by reputable firm
- Formal verification of critical functions
- Bug bounty program for responsible disclosure
- Community review period before mainnet launch
Security Practices
✅ Reentrancy Guards - Protection against reentrancy attacks
✅ Safe Math Operations - Overflow/underflow protection built-in (Solidity 0.8+)
✅ Access Controls - Proper permission management
✅ Event Logging - Comprehensive event emission for transparency
✅ Gas Optimization - Efficient code reduces attack surface
✅ Tested Code - Extensive unit and integration tests
Known Limitations
Like all AMMs, GO Swap has inherent characteristics users should understand:
- Impermanent Loss - Price divergence affects liquidity providers
- Front-running - Public mempool allows MEV extraction
- Slippage - Large trades impact prices significantly
- Smart Contract Risk - Code bugs could exist despite audits
Operational Security
Rate Limiting
RPC endpoints are rate-limited to prevent:
- Denial of service attacks
- Resource exhaustion
- Spam transactions
- API abuse
Infrastructure
- Distributed Nodes - Multiple RPC endpoints for redundancy
- Monitoring - Real-time alerts for anomalies
- Backup Systems - Redundant indexers and APIs
- DDoS Protection - Cloudflare and rate limiting
User Security Best Practices
Wallet Security
🔐 Never share private keys - GO Swap will never ask for them
🔐 Use hardware wallets - For large amounts (Ledger, Trezor)
🔐 Verify transactions - Always check details before signing
🔐 Bookmark official site - Prevent phishing attacks
🔐 Enable 2FA - On your email and accounts (not wallet)
Transaction Security
✅ Set slippage limits - Protect against unfavorable price movements
✅ Use deadlines - Prevent stale transactions from executing
✅ Start small - Test with small amounts first
✅ Verify contract addresses - Double-check token addresses
✅ Check approvals - Only approve what you intend to spend
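How a slippage limit and a deadline bound a swap, as an added example that is not GO Swap's own code. It assumes a Uniswap-V2-style constant-product pool and router checks; the fee value and all function names are hypothetical.

```javascript
// Added example, not GO Swap code. Assumes a Uniswap-V2-style constant-product
// pool and router checks; FEE_BPS is a hypothetical placeholder fee.
const BPS = 10_000n;
const FEE_BPS = 25n; // placeholder, not a GO Swap value

// Expected output for amountIn, with the fee taken from the input (BigInt math).
function quoteOut(amountIn, reserveIn, reserveOut, feeBps = FEE_BPS) {
  if (amountIn <= 0n || reserveIn <= 0n || reserveOut <= 0n) {
    throw new RangeError("amount and reserves must be positive");
  }
  const inAfterFee = amountIn * (BPS - feeBps);
  return (inAfterFee * reserveOut) / (reserveIn * BPS + inAfterFee);
}

// Slippage limit: the smallest output the user will accept, rounded down.
function minOut(quote, slippageBps) {
  if (slippageBps < 0n || slippageBps >= BPS) {
    throw new RangeError("slippage must be within [0, 10000) bps");
  }
  return (quote * (BPS - slippageBps)) / BPS;
}

// Parameters the user signs: amount, output floor, and an expiry timestamp.
function buildSwapParams(amountIn, pool, slippageBps, nowSec, ttlSec) {
  const quote = quoteOut(amountIn, pool.reserveIn, pool.reserveOut);
  return { amountIn, amountOutMin: minOut(quote, slippageBps), deadline: nowSec + ttlSec };
}

// Model of the on-chain checks at execution time (assumed V2-style semantics).
function wouldExecute(params, poolAtExecution, blockTimestamp) {
  if (blockTimestamp > params.deadline) return { ok: false, reason: "EXPIRED" };
  const out = quoteOut(params.amountIn, poolAtExecution.reserveIn, poolAtExecution.reserveOut);
  if (out < params.amountOutMin) return { ok: false, reason: "INSUFFICIENT_OUTPUT", out };
  return { ok: true, reason: null, out };
}

// Constructed sample: pool state when quoted, and after the price moved.
const quoted = { reserveIn: 1_000_000n, reserveOut: 1_000_000n };
const moved = { reserveIn: 1_050_000n, reserveOut: 952_495n };
const params = buildSwapParams(10_000n, quoted, 50n, 1_700_000_000, 300);

console.log(params);                                      // floor and expiry
console.log(wouldExecute(params, quoted, 1_700_000_100)); // executes
console.log(wouldExecute(params, moved, 1_700_000_100));  // rejected: below floor
console.log(wouldExecute(params, quoted, 1_700_000_301)); // rejected: expired
```

With a 0.5% tolerance the swap is rejected once the pool price has moved enough that the output falls under the signed floor, so the loss from a price move between quote and execution is capped at the tolerance.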
Common Scams to Avoid
❌ Fake tokens - Verify official token addresses
❌ Phishing sites - Only use official GO Swap domain
❌ Social engineering - No admin will DM you first
❌ Fake airdrops - Verify announcements on official channels
❌ Malicious contracts - Don't interact with unverified contracts
Smart Contract Addresses
Always verify contracts on official channels:
- Official Website: https://goswap.io
- Documentation: https://goswapexchange.com
- GitHub: TBA
- BSCScan: Contract addresses will be verified on-chain
Verifying Contracts
- Go to BSCScan
- Search for the contract address
- Check the "Contract" tab
- Verify the source code is published and verified
- Compare address with official documentation
Incident Response
In case of security issues:
Reporting Vulnerabilities
Found a security issue? Report it responsibly:
- Email: security@goswap.io
- Bug Bounty: TBA (coming soon)
- Response Time: 24-48 hours for critical issues
Do not:
- Publicly disclose before resolution
- Exploit vulnerabilities for personal gain
- Share details on social media
Emergency Procedures
In case of critical issues:
- Immediate Notification - Alerts via Discord, Twitter, website
- Pause Mechanisms - Emergency pause if available (governance controlled)
- User Communication - Regular updates on status
- Resolution Plan - Clear roadmap for fixes
Multi-Signature Controls
Critical protocol functions use multi-sig wallets:
- Treasury Management - Requires 3 of 5 signatures
- Emergency Actions - Requires 4 of 7 signatures
- Upgrade Proposals - Requires governance vote + multi-sig
This prevents single points of failure and ensures decentralized control.
Blockchain Security
Replay Protection
All transactions include:
- Chain ID verification
- Nonce management
- Signature validation
Together, these checks prevent cross-chain replay attacks.
Finality Considerations
- BSC Finality: ~15-20 blocks for practical finality
- Reorg Protection: Wait for sufficient confirmations
- Monitoring: Indexer tracks chain reorganizations
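A confirmation and reorg check an integrator or indexer could run before treating a swap as settled, as an added example that is not GO Swap's own code. Block hashes are constructed strings, the function names are hypothetical, and the threshold of 20 is taken from the upper end of the range above.

```javascript
// Added example, not GO Swap code. Block hashes are constructed strings; the
// 20-confirmation threshold is the upper end of the range stated above.
const REQUIRED_CONFIRMATIONS = 20;

// Build a constructed chain segment: height -> { hash }.
function makeChain(from, to, tag) {
  const chain = new Map();
  for (let n = from; n <= to; n++) chain.set(n, { hash: `${tag}-${n}` });
  return chain;
}

// Status of a transaction first seen in receipt.blockHash at receipt.blockNumber.
// The inclusion block counts as confirmation 1.
function txStatus(receipt, canonical, head, required = REQUIRED_CONFIRMATIONS) {
  const block = canonical.get(receipt.blockNumber);
  if (!block || block.hash !== receipt.blockHash) {
    return { state: "reorged", confirmations: 0 }; // block left the canonical chain
  }
  const confirmations = head - receipt.blockNumber + 1;
  return { state: confirmations >= required ? "final" : "pending", confirmations };
}

// Indexer side: highest height at which stored and canonical hashes agree.
// Everything stored above it must be rolled back and re-indexed.
function findForkPoint(stored, canonical, fromHeight) {
  for (let h = fromHeight; stored.has(h); h--) {
    if (canonical.get(h)?.hash === stored.get(h).hash) return h;
  }
  return -1; // fork is deeper than the stored window
}

// Constructed sample: the indexer stored 100..110 on branch "a"; the node now
// reports branch "b" from height 106, with the head at 130.
const stored = makeChain(100, 110, "a");
const canonical = new Map([...makeChain(100, 105, "a"), ...makeChain(106, 130, "b")]);

console.log(txStatus({ blockNumber: 104, blockHash: "a-104" }, canonical, 130));
console.log(txStatus({ blockNumber: 107, blockHash: "a-107" }, canonical, 130));
console.log(txStatus({ blockNumber: 120, blockHash: "b-120" }, canonical, 130));
console.log(findForkPoint(stored, canonical, 110));
```

Comparing the stored block hash, not just the height, is what catches a transaction whose block was replaced during a reorganization.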
Third-Party Integrations
When integrating GO Swap:
✅ Verify SDK authenticity - Use official libraries only
✅ Audit dependencies - Check npm packages for vulnerabilities
✅ Secure API keys - Store credentials securely
✅ Rate limit your app - Don't hit API limits
✅ Handle errors gracefully - Failed transactions should be caught
Continuous Improvement
Security is an ongoing process:
- Regular security reviews
- Community feedback integration
- Bug bounty program (coming soon)
- Protocol upgrades via governance
Stay informed:
- Discord: Security announcements
- Twitter: Real-time updates
- GitHub: Code changes and discussions