Security & Best Practices
Date: 2025-01-12 Audience: All users Reading Time: 12 minutes
Why MintCraft Is Trustless
Program-Controlled Treasuries
Traditional Model (❌ Trust Required):
Fees → Creator's Wallet
Problem: Creator can disappear with funds
MintCraft Model (✅ Trustless):
Fees → Program Derived Addresses (PDAs)
Benefit: No one controls PDAs, only smart contract logic
7 Treasury PDAs:
- Reflection Treasury - Controlled by program
- Jackpot Treasury - Controlled by program
- Auto-LP Treasury - Controlled by program
- Burn Treasury - Controlled by program
- Fee Split Config - Immutable configuration
- Keeper Treasury - Funds keeper operations
- Creator Fee Wallet - Only 15% goes here
Key Point: 85% of fees locked in program-controlled PDAs!
No Private Keys Exist
PDAs Are Special:
- Derived deterministically from seeds
- No private key can ever be generated
- Only the program can sign for them
- Mathematically impossible to control manually
Verification:
Anyone can derive PDA address:
seeds = ["reflection-treasury", mint_address]
program = Hbcw8A9kdqWHt1p5C6XY1864t4PjNWa8zaiysfZMqBn4
Result: Deterministic address with no private key
Permissionless Operations
Anyone Can Trigger:
- Reflection distributions
- Jackpot drawings
- Auto-LP injections
- Burn executions
Benefits:
- No dependency on creator
- Community can keep system running
- Multiple keeper bots possible
- Fully decentralized
Wallet Security
Hardware Wallets (Recommended)
For High-Value Operations:
- Creating tokens on mainnet
- Managing creator fee wallet
- Holding significant SOL
Recommended:
- Ledger Nano S/X
- Trezor Model T
Why:
- Private keys never leave device
- Must physically confirm transactions
- Malware on the computer cannot extract the keys
Software Wallet Best Practices
Password Security:
- Use 20+ character passwords
- Unique per wallet
- Password manager recommended
- Never reuse passwords
Seed Phrase Storage:
- ✅ Write on paper, store in safe
- ✅ Metal backup (fire/water resistant)
- ✅ Split across secure locations
- ❌ Never digital (no photos, no cloud)
- ❌ Never share with anyone
- ❌ No screenshots
Browser Extension Safety:
- Only install from official sources
- Verify publisher before installing
- Check permissions requested
- Keep browser updated
Multi-Signature Wallets
For Team Projects:
- Require 2-of-3 or 3-of-5 signatures
- No single point of failure
- Prevents rogue team member
- Professional appearance
Recommended:
- Squads Protocol
- Goki Smart Wallet
Common Scams to Avoid
Fake Token Creation Sites
How It Works:
1. Scammer creates mintcraft-[typo].com
2. Looks identical to real site
3. User connects wallet
4. Malicious transaction drains wallet
Protection:
- Bookmark real site: app.mintcraft.co
- Check URL carefully (no typos)
- Verify SSL certificate
- Never click email/DM links
Phishing Wallet Connections
Red Flags:
- Site requests "approve all tokens"
- Transaction shows large SOL transfer
- Asks for seed phrase (NEVER legitimate)
- Urgency tactics ("act now or lose access")
Protection:
- Read every transaction carefully
- Reject anything unexpected
- Never share seed phrase
- Use hardware wallet for valuable operations
Treasury Address Swaps
How It Works:
1. User copies treasury address
2. Malware swaps clipboard content
3. User pastes attacker's address
4. All fees go to attacker
Protection:
- Verify address after pasting
- Check first/last 4 characters minimum
- Use address book feature
- Test with small amount first
Fake Customer Support
Common Tactics:
- "DM me, I'm support" (MintCraft NEVER DMs first)
- "Validate your wallet" (not real)
- "Sync your wallet" (scam)
- Asks for seed phrase (instant red flag)
Reality:
- MintCraft never asks for seed phrases
- Never DMs users first
- Support is public channels only
- No "wallet sync" needed
Rug Pulls (Even With MintCraft)
Still Possible If:
- Creator keeps mint authority
- Creator didn't use Auto-LP
- Liquidity not locked
- No verification done
Protection:
- Verify mint authority revoked
- Check LP is in program PDA
- Review token creator history
- Start small, test first
Verifying Your Token
Check Mint Authority
Should Be:
- Revoked (null)
- OR set to governance program
- Never creator's personal wallet
How to Check:
1. Go to explorer.solana.com
2. Enter your token mint address
3. Look for "Mint Authority"
4. Should show: "Disabled" or "None"
If Still Active:
- Creator can mint infinite tokens
- Dilute all holders
- Major red flag
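The same check can be scripted against the raw account data instead of an explorer page. This added example (not MintCraft code) decodes the fixed 82-byte SPL Token mint header and reports whether a mint authority is still set; the sample accounts are constructed, and fetching the bytes (for example with the getAccountInfo RPC method) is left out.

```typescript
// Added example, not MintCraft code: decode the 82-byte SPL Token mint header.
// Token-2022 mints append extension data after these bytes; the header is the same.
interface MintHeader {
  mintAuthority: string | null; // hex of the 32-byte key, null when revoked
  supply: bigint;
  decimals: number;
  initialized: boolean;
  freezeAuthority: string | null;
}

function parseMint(data: Buffer): MintHeader {
  if (data.length < 82) throw new Error(`mint account too short: ${data.length} bytes`);
  // COption<Pubkey>: u32 little-endian tag (0 = None, 1 = Some) then 32 key bytes
  const option = (off: number): string | null => {
    const tag = data.readUInt32LE(off);
    if (tag > 1) throw new Error(`invalid COption tag ${tag} at offset ${off}`);
    return tag === 1 ? data.subarray(off + 4, off + 36).toString("hex") : null;
  };
  return {
    mintAuthority: option(0),
    supply: data.readBigUInt64LE(36),
    decimals: data.readUInt8(44),
    initialized: data.readUInt8(45) === 1,
    freezeAuthority: option(46),
  };
}

function mintAuthorityFinding(data: Buffer): string {
  const m = parseMint(data);
  if (!m.initialized) return "not an initialized mint";
  return m.mintAuthority === null
    ? "OK: mint authority revoked"
    : `CHECK: mint authority set to ${m.mintAuthority}; must be governance, never a personal wallet`;
}

// Constructed sample accounts (not real on-chain data).
function sampleMint(authority: Buffer | null): Buffer {
  const d = Buffer.alloc(82);
  if (authority) { d.writeUInt32LE(1, 0); authority.copy(d, 4); }
  d.writeBigUInt64LE(1000000000n, 36); // supply
  d.writeUInt8(9, 44);                 // decimals
  d.writeUInt8(1, 45);                 // is_initialized
  return d;
}
console.log(mintAuthorityFinding(sampleMint(null)));
console.log(mintAuthorityFinding(sampleMint(Buffer.alloc(32, 0xab))));
```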
Verify Treasury PDAs
Check Each Treasury:
Reflection Treasury:
- Seed: ["reflection-treasury", mint]
- Owner: Program (not wallet)
- Balance: Growing over time
Jackpot Treasury:
- Seed: ["jackpot-treasury", mint]
- Owner: Program
- Balance: Growing then resetting (after draws)
Auto-LP Treasury:
- Seed: ["autolp-treasury", mint]
- Owner: Program
- Balance: Fluctuates (fills then empties on injection)
Red Flags:
- Treasuries owned by wallet addresses
- Balances decreasing unexpectedly
- Withdrawals to unknown addresses
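The derivation described under "No Private Keys Exist" and the per-treasury seeds listed above, as an added TypeScript example that is not MintCraft's own code: it re-implements Solana's program-address derivation with Node built-ins so the output can be compared with the treasury address an explorer shows. It assumes the mint seed is the mint's raw 32-byte public key; SAMPLE_MINT is a constructed placeholder.

```typescript
import { createHash } from "node:crypto"; // added example, not MintCraft code
const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const P = 2n ** 255n - 19n; // ed25519 field prime
const modpow = (b: bigint, e: bigint): bigint => {
  let r = 1n;
  for (b %= P; e > 0n; e >>= 1n, b = (b * b) % P) if (e & 1n) r = (r * b) % P;
  return r;
};
const D = ((P - 121665n) * modpow(121666n, P - 2n)) % P; // curve constant d = -121665/121666
function b58decode(s: string): Buffer {
  let n = 0n;
  for (const c of s) {
    const i = B58.indexOf(c);
    if (i < 0) throw new Error(`invalid base58 character: ${c}`);
    n = n * 58n + BigInt(i);
  }
  return Buffer.from(n.toString(16).padStart(64, "0"), "hex"); // 32-byte public key
}
function b58encode(buf: Uint8Array): string {
  let out = "";
  for (let n = BigInt("0x" + Buffer.from(buf).toString("hex")); n > 0n; n /= 58n)
    out = B58[Number(n % 58n)] + out;
  for (const b of buf) { if (b !== 0) break; out = "1" + out; } // leading zero bytes
  return out;
}
function isOnCurve(key: Uint8Array): boolean { // true if the bytes are a valid ed25519 point
  let y = 0n;
  for (let i = 31; i >= 0; i--) y = (y << 8n) | BigInt(i === 31 ? key[i] & 0x7f : key[i]);
  const y2 = (y * y) % P;
  const x2 = ((y2 - 1n + P) * modpow(D * y2 + 1n, P - 2n)) % P; // x^2 = (y^2-1)/(d*y^2+1)
  return x2 === 0n || modpow(x2, (P - 1n) / 2n) === 1n; // Euler criterion: is x^2 a square?
}
function findProgramAddress(seeds: Uint8Array[], programId: string): [string, number] {
  const pid = b58decode(programId);
  for (let bump = 255; bump > 0; bump--) { // highest bump that lands off-curve wins
    const h = createHash("sha256");
    for (const s of seeds) h.update(s);
    h.update(Uint8Array.of(bump)).update(pid).update("ProgramDerivedAddress");
    const addr = h.digest();
    if (!isOnCurve(addr)) return [b58encode(addr), bump]; // off-curve: no private key exists
  }
  throw new Error("no off-curve address found");
}
const PROGRAM_ID = "Hbcw8A9kdqWHt1p5C6XY1864t4PjNWa8zaiysfZMqBn4"; // program ID from this page
const treasuryPda = (label: string, mint: string): [string, number] =>
  findProgramAddress([Buffer.from(label), b58decode(mint)], PROGRAM_ID); // assumes raw mint key seed
const SAMPLE_MINT = b58encode(Buffer.alloc(32, 7)); // constructed placeholder, not a real token
for (const label of ["reflection-treasury", "jackpot-treasury", "autolp-treasury"])
  console.log(label, ...treasuryPda(label, SAMPLE_MINT));
```

If the address an explorer shows for a treasury differs from the derived one, or the account's owner is not the program ID, treat the treasury as unverified.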
Verify LP Lock
Check Pool LP Tokens:
1. Find pool address
2. Check pool LP token mint
3. Find who holds LP tokens
4. Should be: Program PDA or burned
Red flag: Creator wallet holds LP tokens
On-Chain Verification:
- View all LP token holders
- Largest holder should be program
- No transfer authority set
- No close authority set
Transaction Security
Always Review Before Signing
Check Every Transaction:
- Which program am I interacting with?
- What accounts am I accessing?
- How much SOL am I spending?
- What tokens am I approving?
- Does this match what I expect?
Red Flags:
- Unknown program ID
- Large SOL amounts
- "Approve all" token permissions
- Unexpected account accesses
Simulation Results
Modern Wallets Show:
- Balance changes (before/after)
- Accounts accessed
- Programs involved
- Estimated fees
If Simulation Fails:
- ❌ DO NOT SIGN
- Transaction will fail on-chain
- Wasted gas fees
- Investigate why first
Revoke Unnecessary Approvals
Token Approvals:
- Apps sometimes get approval for your tokens
- Should only approve what's needed
- Revoke old/unused approvals
How to Revoke:
Visit: revoke.cash (for EVM)
Solana: Check wallet's approval management
Review and revoke:
- Old DApp approvals
- Unused token permissions
- Unknown program access
Creator Security Practices
Secure Your Treasury Wallet
This Wallet Receives 15% of Fees:
- Use hardware wallet (Ledger/Trezor)
- Multi-sig for team projects
- Separate from personal wallet
- Regular security audits
Never:
- Store on exchange
- Use same wallet for testing
- Share access with anyone
- Leave on hot wallet long-term
Team Management
If Multiple People:
- Use multi-sig wallet
- Require 2-3 signatures
- Document all signers
- Regular access reviews
- Offboard process for ex-team
Access Control:
- Separate admin accounts
- Minimum required permissions
- Audit logs for all actions
- Regular permission reviews
Operational Security
For Creator Operations:
- Dedicated computer for crypto
- Up-to-date OS and software
- Antivirus/antimalware
- No pirated software
- VPN for public WiFi
Information Security:
- Don't disclose treasury balances
- Don't reveal security measures
- Be vague about wallet details
- OPSEC: Assume bad actors watching
MEV Protection (DBC Pools)
What Is MEV?
MEV (Maximal Extractable Value) refers to profit extracted from users by manipulating their transactions:
Sandwich Attack Example:
1. You submit: Buy 1000 tokens at $0.01
2. Attacker sees your transaction (pending)
3. Attacker buys first → Price rises to $0.012
4. Your buy executes at $0.012 (worse price)
5. Attacker sells at $0.012 → Pockets the difference
Result: You paid $12 instead of $10 - attacker stole $2 from you.
How MintCraft DBC Protects You
Hybrid CPI Guard:
Direct swap (you → DBC) → ✅ ALLOWED
Via Jupiter/Raydium → ✅ ALLOWED (allowlisted)
Via unknown program → ❌ BLOCKED
Deep CPI (>2 levels) → ❌ BLOCKED
Multiple swaps/tx → ❌ BLOCKED (sandwich pattern)
Why This Works:
- Legitimate aggregators (Jupiter, Raydium, Orca) are allowlisted
- Sandwich bots typically use custom programs (not allowed)
- Deep CPI indicates complex MEV strategies (blocked)
- Multi-swap detection catches sandwich patterns
Allowlisted Programs
Pre-approved Aggregators:
| Program | Description |
|---|---|
| Jupiter v6 | ~80% of Solana swap volume |
| Jupiter DCA | Dollar-cost averaging |
| Raydium AMM v4 | Major DEX |
| Raydium CLMM | Concentrated liquidity |
| Raydium CP-Swap | Constant product pools |
| Orca Whirlpool | Concentrated liquidity |
| Phoenix | Order book DEX |
These are safe because:
- Well-audited, public programs
- Cannot be used for sandwiching
- Essential for healthy trading volume
Timelocked Governance
24-Hour Timelock on Changes:
1. Governance proposes to add/remove program
2. Proposal created on-chain (public)
3. 24-hour waiting period begins
4. Community can monitor and react
5. After 24h: Anyone can execute
Why Timelocks Matter:
- Prevents instant malicious changes
- Community has time to respond
- All proposals visible on-chain
- Transparent governance
No Kill Switch: There is no way to disable MEV protection entirely. This protects users from governance attacks.
Verify MEV Protection
Check CPI Allowlist:
# View current allowlist
npx ts-node scripts/dbc/manage-allowlist.ts view --pool <POOL_ADDRESS>
# View pending proposals
npx ts-node scripts/dbc/manage-allowlist.ts proposals --pool <POOL_ADDRESS>
On-Chain Verification:
- Find pool's CPI Allowlist PDA
- Check allowed_programs array (7 default aggregators)
- Verify authority is governance (not creator)
- Check no suspicious pending proposals
What Users Should Know
You're Protected When:
- ✅ Swapping directly on MintCraft
- ✅ Swapping via Jupiter, Raydium, Orca
- ✅ Using any allowlisted aggregator
- ✅ Normal single-swap transactions
Red Flags:
- ⚠️ Pool has empty/modified allowlist
- ⚠️ Unknown programs added recently
- ⚠️ Pending proposals to remove aggregators
- ⚠️ Authority is creator wallet (not governance)
Smart Contract Security
MintCraft Program
Anchor Framework:
- Industry-standard Solana framework
- Built-in security checks
- Type-safe account validation
- Constraint macros prevent common bugs
Open Source:
- Full code available on GitHub
- Community can review
- Auditable by anyone
- Transparent operations
Immutable:
- Once deployed, cannot change logic
- Upgrade authority set to null
- What you see is what you get
- No backdoors possible
Audit Status
Current:
- Internal testing complete
- Community review ongoing
- Professional audit: Planned Q1 2025
Before Mainnet:
- Full security audit
- Bug bounty program
- Formal verification
- Insurance options
For Users:
- Test on devnet first
- Start with small amounts
- Verify all features
- Report any issues
Emergency Procedures
If Wallet Compromised
Immediate Actions:
- Transfer all tokens to new wallet
- Transfer all SOL to new wallet
- Revoke all app permissions
- Change all related passwords
- Scan for malware
Never Do:
- Try to recover old wallet
- Reuse compromised seed
- Hope attacker didn't see
If Creator Wallet Compromised
For Team Members:
- Announce immediately to community
- Pause any automations possible
- Create new multi-sig
- Migrate to new treasury wallet
- Communicate all steps publicly
For Community:
- Hold tokens (program still secure)
- Wait for official communication
- Don't panic sell
- Verify all announcements
If Bug Discovered
Report Responsibly:
- Email: security@mintcraft.co (if exists)
- Include detailed steps to reproduce
- Don't publicize until fixed
- Eligible for bug bounty
Never:
- Exploit the bug yourself
- Publicize before fix
- Demand ransom
Best Practices Summary
Before Creating Token
- [ ] Test on devnet thoroughly
- [ ] Use hardware wallet for mainnet
- [ ] Verify all treasury addresses
- [ ] Document all settings
- [ ] Plan security measures
- [ ] Set up multi-sig if team
During Token Creation
- [ ] Double-check all addresses
- [ ] Review transaction before signing
- [ ] Verify simulation success
- [ ] Save all transaction hashes
- [ ] Test with small amounts first
After Token Creation
- [ ] Verify mint authority revoked
- [ ] Check all PDAs initialized
- [ ] Test transfer fees work
- [ ] Verify LP is locked
- [ ] Share verification guide with community
Ongoing
- [ ] Monitor treasury balances
- [ ] Watch for unusual activity
- [ ] Keep security up to date
- [ ] Regular team access reviews
- [ ] Community transparency
Trust but Verify
Don't Trust, Verify
Everything Is On-Chain:
- PDA addresses are deterministic
- Treasury balances are public
- All transactions visible
- Smart contract code is open source
Your Responsibility:
- Verify claims yourself
- Don't rely on creator promises
- Check on-chain data
- Trust math, not people
Community Watchdogs
Encourage:
- Independent verification
- Public audits
- Transparency reports
- On-chain monitoring bots
Red Flags From Creator:
- "Trust me"
- Refuses to show proofs
- Blocks questioners
- No on-chain verification
Additional Resources
Security Tools
Wallet Security:
- Phantom (good security features)
- Ledger/Trezor (hardware wallets)
- 1Password/Bitwarden (password managers)
Verification Tools:
- Solana Explorer (explorer.solana.com)
- Solscan (solscan.io)
- XRAY (xray.helius.xyz)
Monitoring:
- Hellomoon (analytics)
- Birdeye (trading data)
- RugCheck (token security scanner)
Learning Resources
- Solana Security Best Practices
- Phantom Security Guide
- Ledger Setup Tutorial
- Crypto OPSEC Guide
Getting Help
Official Support
Never Trust:
- Random DMs
- "Support" contacting you first
- Requests for seed phrases
- "Verification" requirements
Official Channels Only:
- MintCraft Documentation
- Official Discord (verify link)
- GitHub Issues
- Public Telegram group
Report Scams
If You Encounter Scams:
- Report to platform (Discord/Telegram)
- Warn community publicly
- Share screenshots (redact personal info)
- Report to Solana Foundation if severe
Next Steps
Secure Your Setup:
- Review wallet security
- Set up hardware wallet
- Document your procedures
- Test on devnet
Verify Everything:
- Check your token's security
- Verify PDAs and LP lock
- Monitor ongoing
- Share proofs with community
Learn More:
- Token Creation (02) → Create secure tokens
- Managing Tokens (03) → Monitor security
- FAQ (08) → Common security questions
Last Updated: 2025-12-19
