Security & Trust

At a glance

• Non-custodial. We never hold, custody, or have access to your tokens, keys, or seed phrases. You sign every transaction yourself.
• Verified Solana Dapp Store publisher. Approved on the Seeker Store; published via on-chain NFTs you can inspect below.
• No custom on-chain programs. We don't deploy our own Solana programs. Swaps route entirely through Jupiter; portfolio scans are read-only RPC calls.
• Curated swap allowlist. The RWA side of every swap is locked to a curated set of registry-verified mints (Backed xStocks, Ondo USDY, Maple syrupUSDC, etc.). You can't accidentally swap into an arbitrary unverified token.
• Live since February 2026. Portfolio tracking has been online for months; in-app swap shipped on 10 May 2026.

Why your wallet may show a “new domain” warning

Some Solana wallets use third-party security partners that score domains based on transaction history. When solanarwa.app shipped its first transaction-initiating feature (the Jupiter swap, on 10 May 2026) after several months as a read-only portfolio tracker, the sudden shift in behaviour can trigger a generic “this dApp may be malicious” or “unverified domain” warning on first interaction — even though nothing about the transaction itself is unusual.

We've verified the same swap transaction is clean in multiple wallets (Backpack, Jupiter wallet, and freshly-installed Solflare), which indicates the issue is domain-reputation scoring catching up with our move from read-only to swap-enabled — not a problem with the transactions. We're working through the standard wallet review processes to clear the warning. If you want extra reassurance, the on-chain credentials below let you independently verify we are who we say we are.

Click any address to view it on Solscan. These records are minted on Solana mainnet and are independently verifiable.

How swaps work

The swap UI at /rwa/swap is the Jupiter Plugin embedded inside our page. When you initiate a swap:

1. The Jupiter Plugin calls Jupiter's Ultra API to fetch the best route across Solana DEXs.
2. Jupiter returns a fully-constructed transaction containing your swap, a 50 basis point integrator fee paid to our Ultra Referral PDA, and standard token-account setup if required.
3. Your wallet shows the transaction; you review and sign (or reject) it. We never see your private key and we cannot sign anything on your behalf.
4. After the swap lands, our backend reads the on-chain transaction via Helius and auto-records the cost basis to your portfolio.

The 0.5% integrator fee is shown in the swap UI before you sign and is also visible inside the Jupiter Plugin's route breakdown. It is the only fee SolanaRWA charges on swaps.

What we will never do

• Sign or pre-sign transactions for you. Every transaction originates in your wallet. We cannot construct or broadcast anything without your explicit approval.
• Custody your tokens. We do not operate hot or cold wallets that hold user funds. Your RWA tokens stay in your own Solana wallet at all times.
• Mint tokens. We do not have authority over any token mint and we do not deploy tokens of our own.
• Circumvent your wallet's security guards. All our transactions are constructed via the Jupiter Plugin and presented to your wallet through the standard wallet-adapter interface for simulation and approval.
• Ask for your seed phrase or private keys. Ever. No legitimate Solana dApp will. If anyone claiming to be SolanaRWA support asks for them, it is a scam.

Reporting issues & verification questions

If you have a security concern, a verification question, or want to report a vulnerability, please get in touch:

• Email: solanarwa0@gmail.com
• X: @SolanaRWA
• Discord: discord.gg/FagMzMynCd

Wallet teams or security researchers performing domain review on solanarwa.app are welcome to use this page as a reference. We are happy to share test transaction signatures or hop on a call to walk through our integration.

See also

• Terms & Conditions
• Privacy Policy
• Data Deletion