Security Features
An overview of the security measures implemented in AgoráX.
Smart Contract Security
Reentrancy Protection
All state changes are performed before external calls (Checks-Effects-Interactions pattern). This prevents attackers from exploiting callback mechanisms to manipulate contract state.
Transfer Verification
Every token transfer is verified by checking balance changes before and after. This catches fee-on-transfer tokens and prevents amount manipulation attacks.
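The balance-delta check described above, sketched in Solidity as an added example; this is not the AgoráX contract source. The names `VerifiedPull`, `_pullVerified` and `_pullExact`, and the policy of reverting when the received amount differs from the requested one, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Added illustration of before/after balance verification (hypothetical names).
abstract contract VerifiedPull {
    error TransferFailed();
    error AmountMismatch(uint256 expected, uint256 received);

    /// Pulls `amount` of `token` from `from` and returns what actually arrived,
    /// measured from this contract's own balance rather than trusted from the call.
    function _pullVerified(IERC20 token, address from, uint256 amount)
        internal
        returns (uint256 received)
    {
        uint256 balanceBefore = token.balanceOf(address(this));

        // Low-level call so tokens that return no data still work;
        // a token that returns `false` is treated as a failed transfer.
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeCall(IERC20.transferFrom, (from, address(this), amount))
        );
        if (!ok || (data.length != 0 && !abi.decode(data, (bool)))) revert TransferFailed();

        // Checked arithmetic (Solidity 0.8+) reverts if the balance decreased.
        received = token.balanceOf(address(this)) - balanceBefore;
    }

    /// Assumed policy: reject the deposit unless the full amount arrived.
    /// A fee-on-transfer token delivers less than `amount` and reverts here.
    function _pullExact(IERC20 token, address from, uint256 amount) internal {
        uint256 received = _pullVerified(token, from, amount);
        if (received != amount) revert AmountMismatch(amount, received);
    }
}
```

A contract that instead accepts fee-on-transfer tokens would record `received`, not `amount`, as the deposited quantity.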
Cooldown Mechanism
A configurable cooldown period (20-86400 seconds) prevents rapid order manipulation and front-running attacks. Users must wait before cancelling or modifying orders.
Whitelist System
Buy tokens must be whitelisted and active. This protects users from receiving worthless, malicious, or honeypot tokens when filling orders.
Batch Operation Limits
Batch operations (like cancelling multiple orders) are limited to 50 items per transaction. This prevents gas griefing attacks and ensures transactions stay within block limits.
Graceful Proceeds Collection
When collecting proceeds from multi-token orders, if one token has a transfer issue (paused contract, blacklisted address, etc.), the remaining tokens are still collected successfully. Failed tokens can be retried individually later. This prevents a single broken token from locking all your proceeds.
No Price Oracle Dependency
AgoráX operates without reliance on external price oracles. Order prices are set directly by makers and accepted by fillers, eliminating oracle manipulation risks, stale price vulnerabilities, and single points of failure that plague many DeFi protocols.
Frontend Security
Rate Limiting
API endpoints are rate-limited to prevent abuse and DoS attacks.
- Validation: 20 req/min
- Data: 60 req/min
Transaction Timeouts
All blockchain operations have timeouts to prevent hanging transactions.
- Approvals: 60s
- Transactions: 60s
Input Validation
All user inputs are validated before processing.
- Overflow protection
- Decimal precision
- Dust prevention
Content Security Policy
Strict CSP headers prevent XSS and injection attacks.
User Safety Guidelines
Verify Transaction Details
Always review token addresses and amounts in your wallet before confirming transactions.
Check Token Contracts
Verify that tokens you're trading are legitimate by checking their contract addresses on the block explorer.
Start with Small Amounts
When trading new tokens or trying new features, start with small amounts to verify everything works as expected.
Understand Order Terms
Review all order details including expiration, accepted tokens, and all-or-nothing settings before creating or filling orders.
Monitor Your Orders
Regularly check your open orders and collect proceeds from filled orders promptly.
Important Disclaimer
While AgoráX implements robust security measures, DeFi protocols carry inherent risks including smart contract vulnerabilities, market volatility, and user errors. Never invest more than you can afford to lose. Always do your own research and understand the risks before using any decentralized application.
Contract Verification
The AgoráX smart contract source code is verified and publicly available:
Contract: 0x06856CEa795D001bED91acdf1264CaB174949bf3