Security Disclosure

Non-custodial responsibility

Uh Oh Swap is non-custodial. Your wallet stays in control. You are responsible for reviewing every transaction before signing.

No recovery of funds

Blockchain transactions are irreversible. If funds are sent to the wrong address or a transaction is signed by mistake, we cannot reverse it or recover assets.

Smart contract and integration risk

The demo depends on smart contracts and third-party infrastructure. These systems can have bugs, outages, or unexpected behavior. Please use the demo with care.

Report a vulnerability

Please report security issues privately. Include steps to reproduce, affected components, and impact.

Open-source transparency

When we publish source code, it will be linked from our documentation. Public code helps the community review and improve the demo, but it does not remove risk.

Scope

• Frontend UI (Next.js)
• Backend API (Fastify)
• Contracts (Solidity)
• Staging reverse proxy configuration

Safe harbor

We won’t take legal action against researchers acting in good faith who avoid privacy violations, data destruction, and service disruption.