Security Model

Sweepr V2 is designed so partners do not need to manually calculate or enforce fee splits.

Partner Identity

Partner identity comes from x-api-key. Sweepr never trusts partner identity, fee share, or payout recipient from a client request body.

Fee Authorization

The backend signs a short-lived EIP-712 FeeAuthorization with a dedicated fee signer. The deployer wallet and fee signer should be operationally separate. The SDK verifies the authorization before the user signs Permit2. The V5 contract verifies the authorization on-chain before any split is paid.

Replay Protection

Each fee authorization has:

nonce
deadline
EIP-712 domain with chainId
EIP-712 domain with verifyingContract

The contract stores used nonces per user.

Fee Cap

The V5 contract has a hard fee cap:

MAX_FEE_BPS = 500

This means total Sweepr platform fee cannot exceed 5% of gross output.

Router Allowlist

V5 only calls routers that are allowlisted by the contract owner.

Solana

Solana is not part of V2 trustless split. Solana remains V1/off-chain accounting until the Sweepr settlement program is implemented.

​Security Model

​Partner Identity

​Fee Authorization

​Replay Protection

​Fee Cap

​Router Allowlist

​Solana