# Security model

FastTrack is a custodial product. We hold the private keys to the wallets we generate for you. This document describes the threats we protect against, the mitigations in place, and the residual risks you should understand before depositing funds.

## What we protect against

**External compromise of your axiom.trade session.** The extension uses a strict message-passing protocol between the content script and the background worker. The page (axiom.trade) cannot read your authentication token or directly call our API. Even if axiom.trade is fully compromised, your funds are not at risk.

**Account theft.** Authentication uses JWTs scoped to a per-install fingerprint. A token stolen from your machine cannot be used from another device.

**Replay attacks.** Every trade and claim request is bound to a unique trade ID, and our backend rejects duplicate submissions.

**Slippage attacks.** Slippage is computed from live reserves at trade time using a tight constant-product formula, not from initial-state constants. We do not allow arbitrary `min_out` values from the client.
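
The slippage rule above, sketched as an added example (not FastTrack's code): the server derives `min_out` from live constant-product reserves and accepts only a bounded tolerance from the client. The function names, the 25 bps fee and the 500 bps tolerance cap are assumptions.

```python
"""Added illustration: server-side min_out from live constant-product reserves.
Names, the fee and the tolerance cap are assumptions, not FastTrack's code."""

BPS = 10_000
FEE_BPS = 25             # assumed pool fee (0.25%)
MAX_SLIPPAGE_BPS = 500   # assumed server-side cap on tolerance (5%)


def quote_out(reserve_in: int, reserve_out: int, amount_in: int,
              fee_bps: int = FEE_BPS) -> int:
    """Expected output of a swap against an x*y=k pool, in integer base units."""
    if min(reserve_in, reserve_out, amount_in) <= 0:
        raise ValueError("reserves and amount must be positive")
    net_in = amount_in * (BPS - fee_bps)
    # dy = y * dx' / (x + dx'), rounded down so the floor is never overstated
    return reserve_out * net_in // (reserve_in * BPS + net_in)


def server_min_out(live_reserve_in: int, live_reserve_out: int,
                   amount_in: int, slippage_bps: int) -> int:
    """Derive min_out on the server; the client supplies only a bounded tolerance."""
    if not 0 <= slippage_bps <= MAX_SLIPPAGE_BPS:
        raise ValueError("slippage tolerance outside permitted range")
    expected = quote_out(live_reserve_in, live_reserve_out, amount_in)
    return expected * (BPS - slippage_bps) // BPS


def build_swap(request: dict, live_reserves: tuple) -> dict:
    """Build swap parameters, ignoring any client-supplied min_out field."""
    rin, rout = live_reserves
    return {
        "amount_in": request["amount_in"],
        "min_out": server_min_out(rin, rout, request["amount_in"],
                                  request["slippage_bps"]),
    }


if __name__ == "__main__":
    # Constructed sample: the pool has moved since its initial state.
    initial = (30_000_000_000, 1_000_000_000_000_000)
    live = (60_000_000_000, 500_000_000_000_000)
    req = {"amount_in": 1_000_000_000, "slippage_bps": 100, "min_out": 1}
    print("floor from initial-state constants:",
          server_min_out(*initial, req["amount_in"], req["slippage_bps"]))
    print("floor from live reserves:", build_swap(req, live)["min_out"])
```

In the constructed sample, the floor computed from initial-state constants is far above what the live pool can deliver, so the trade could never fill; had the price moved the other way, the same stale floor would be loose enough to leave room for a sandwich.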

**Front-running on sensitive trades.** When you submit through a landing service that supports anti-sandwich protection (NextBlock, Jito), we set the relevant flags.

## What we have in place

* **AES-256-GCM encryption at rest.** Every private key is encrypted with a master key before being written to the database. The master key is held in AWS Secrets Manager and rotated quarterly.
* **HTTPS-only API.** All extension-to-backend traffic is TLS 1.3.
* **Email verification.** Account creation requires a six-digit code sent to your email.
* **Forced password reset.** If suspicious activity is detected on your account, the next login requires a password reset.
* **Admin audit log.** Every admin action against your account is logged with the actor's identity.
* **Constant-time comparison** for the admin token and all bearer-token validations.
* **Confirmed-commitment reads.** State reads use Solana's `confirmed` commitment level, which is finalized within 1 to 2 seconds.

## What we are working on

* **Hardware security module (HSM) for the master key.** Currently the master key sits in cloud secrets storage. Migration to AWS KMS or a similar HSM-backed service is on the roadmap.
* **Multi-region failover.** Our backend currently runs in a single AWS region. Multi-region replication for the trade and ledger databases is in design.
* **Public bug bounty.** We are preparing a formal bug bounty program. In the meantime, please email <security@willet.cc> directly with disclosures.

## Residual risk

The biggest residual risk in a custodial model is **our infrastructure being compromised**. If an attacker gains access to our master key and our wallet database simultaneously, they can drain custodial wallets.

We mitigate this through standard best practices (least-privilege IAM, isolated databases, no shared credentials, encryption at rest, and layered defense), but no system is perfectly secure.

**If holding your own private key is essential to you**, we recommend keeping the majority of your funds in a self-custodial wallet such as Phantom or Backpack, and using FastTrack only for active trading capital.

## Reporting issues

* General security issues: <security@willet.cc>
* Suspicious account activity: <hello@willet.cc> — we monitor this address actively.

A PGP key for <security@willet.cc> is available on request.

