RogueWave/pyre
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f9c471ef71fdf4642e1816e2d24dd77bcfbcca04
pyre/docs/SECURITY.md
RogueWave ae33b6d794 docs: bring Token-2022 (Token Extensions) into MVP scope (extension-gated) 
Most new tokens — incl. all Pump.fun launches — are Token-2022, so cleaning
only classic SPL misses the majority of real dust. PYRE now supports Token-2022
conservatively, gating on account+mint extensions:
- skip: confidential transfer, withheld transfer fees, frozen/default-frozen,
  and any unrecognized extension (UNSUPPORTED). "Unknown means skip" now covers
  unknown program OR unknown/unsafe extension.
- cleanable but flagged: transfer-hook & permanent-delegate (burn/close don't
  fire a hook; you may always burn/close your own account); non-transferable is
  burnable.
- rent reclaim = account's live lamports (Token-2022 size varies); CloseAccount
  as a top-level instruction (CPI-Guard safe).

Updated PYRE_MVP_DESIGN.md (§5/§6/§7 + new §7.1 policy table + §8/§16),
TOKEN_CLASSIFICATION.md (categories, safety checklist, decision flow), SECURITY.md.
Researched against Solana docs + Neodyme review. Classifier CODE still skips all
Token-2022 (safe subset) until the extension-aware impl lands next.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 03:56:27 +00:00

4.6 KiB
Raw Blame History

Security

Security model and threat documentation for PYRE. Aligned with PYRE_MVP_DESIGN.md §3, §16, and §17 — when in doubt, the design doc wins.

PYRE is a wallet-cleanup tool. Its entire value proposition rests on trust: users connect a wallet and let PYRE help them destroy or close token accounts. That only works if PYRE can never harm the user, never take custody of funds, and never hide what it is doing.

Core trust rule

Recovered ATA rent returns to the user by default.

Rent must never be silently taxed, redirected, pooled, or counted as Essence unless a future version creates an explicit opt-in donation mode.

For the MVP:

  • Recovered rent goes to the user.
  • Burned junk does not count as Essence.
  • Swapped scraps may become Essence only if the user explicitly approves.
  • Any optional SOL contribution must be separate and explicit.
  • All actions require wallet approval.
  • PYRE never has custody of private keys.

PYRE returns your rent. The scraps feed the fire.

Wallet security

  • Never request private keys.
  • Never run custodial signing.
  • Never auto-execute without the user signing locally in their own wallet.
  • Always show a transaction preview before any signature is requested.
  • Decode the transaction before signing.
  • Match the decoded transaction against the preview (accounts to close, tokens to burn, rent amount, rent destination, fees, warnings). If the decoded transaction does not match the preview, do not sign.

Token safety

  • Unknown assets default to skip — unknown token program or unknown/unsafe Token-2022 extension.
  • Token-2022 is supported with conservative extension gating (design doc §7.1): confidential-transfer, withheld-transfer-fee, frozen, and any unrecognized-extension accounts are skipped; transfer-hook / permanent-delegate mints are cleanable but flagged.
  • NFTs default to skip.
  • Valuable assets default to skip.
  • The user must manually select anything risky.
  • High-value actions require stronger confirmation.

For the full classifier specification — categories, allowed actions, the "Unknown means skip" rule, and the complete safety checklist — see TOKEN_CLASSIFICATION.md.

Backend security

  • Rate-limit scan endpoints.
  • Validate wallet pubkeys.
  • Validate token-account ownership (the account must belong to the wallet).
  • Do not trust client-submitted classifications — recompute classification server-side before building any transaction.
  • Log all transaction build requests.
  • Protect admin endpoints.
  • Use environment secrets only.
  • Rotate API keys if leaked.

AI safety

  • Filter generated names, tickers, and lore.
  • Avoid hate, explicit, extremist, copyrighted, impersonation, and scam-like outputs.
  • Require human approval before first launches. Prometheus generates a candidate package for human review; it never launches tokens directly.

Abuse scenarios

Reproduced from design doc §17. Each is stated as Risk → Defense.

Misclassification of valuable asset

  • Risk: The classifier mislabels a valuable token and the user loses it.
  • Defense: Protected token registry, USD value threshold, major-token skip list, and manual advanced override only.

Fake dust farming

  • Risk: A user creates many fake tokens to inflate their status.
  • Defense: No allocation by token count, no reward by account count; Essence weighting only in future versions.

Rent confusion

  • Risk: People claim PYRE steals rent.
  • Defense: The receipt clearly shows rent returned, the transaction preview clearly shows the destination, and rent is not pooled by default.

AI output abuse

  • Risk: Prometheus generates an offensive or copyrighted token.
  • Defense: Safety filters, blocked terms, ticker collision checks, and human approval in the MVP.

Pump.fun launch abuse

  • Risk: Spawn launches look like team-rug launches.
  • Defense: Manual review, public launch record, no profit promises, clear entertainment framing, and disclosure of the launch wallet / creator.

No private keys, anywhere

PYRE is non-custodial by design. There is intentionally no private-key or mnemonic environment variable anywhere in the project, and there never will be. All signing happens client-side in the user's wallet. Any change that introduces key custody, mnemonic handling, or custodial signing violates the core trust rule and must be rejected.

Reference in New Issue View Git Blame Copy Permalink