FeeDrop FeeDrop ← Back to app
Security
FeeDrop

FeeDrop

How FeeDrop protects your keys, your fees, and your holders

FeeDrop custodies a fee wallet and spends real SOL on your behalf, so security is not a feature, it is the foundation. Here is exactly how keys, funds, and access are protected, and the limits that keep automation from ever spending more than it should.

01Key custody

Keys are encrypted at rest

In one line

Every wallet key FeeDrop holds is encrypted before it is stored, and decrypted only in memory to sign a transaction.

FeeDrop needs to claim fees and run payouts, so it holds the key to a fee wallet. That key is encrypted at rest with a per-wallet scheme and only ever decrypted in memory for the moment it signs, then zeroed. Keys are never written to logs, never returned in an API response, and never shown in the browser except through the explicit recovery flow you control.

02Recovery

You can always get your key back

In one line

Set a recovery password and export the private key anytime, it is your wallet.

Set a recovery password on any managed wallet and you can reveal and export its private key whenever you want. The password is required to decrypt the export, it is confirmed on entry, and the key is shown once for you to store like cash. No password is ever needed to receive fees, only to export.

03Spending caps

Automation can never overspend

In one line

A coin never deploys more than the creator fees it has actually earned.

Every autonomous action is bounded by a hard cap tied to the coin's own accrued creator fees. The engine tracks what has already been deployed per coin and will not exceed the total earned, so a bug or a bad tick can never drain more than the fees that came in. Airdrops also carry a floor so they never cost more in gas than they deliver, and a per-drop ceiling.

04Chart-safe execution

It supports the chart, it does not dump

In one line

Buys and distributions are paced and sized to live market conditions.

Before each action the engine reads live market telemetry and sizes the move to conditions. Buy & burns are small and continuous rather than one large spike, and airdrops accrue to a meaningful size before firing. Airdrops are sent as direct on-chain transfers, no obfuscation or hop chains, so the flow of funds is fully transparent.

05No secrets in the open

No credentials live in the code

In one line

Every secret is read from the environment, never hardcoded or committed.

API keys, tokens, and app secrets are read from environment variables at runtime, never hardcoded in source and never sent to the browser. The public config endpoints expose only what a browser legitimately needs (a public app id, for example) and nothing that could move funds. Connected X app keys are encrypted like wallet keys and verified before storage.

06Access control

Only you touch your coins

In one line

Every action is gated by sign-in, and sensitive controls are locked to the owner.

Managing a coin, claiming fees, or moving funds all require an authenticated session tied to your account. Operator-only controls sit behind a separate superadmin gate. Public pages are read-only by design, they show proof without exposing a single control. During private beta, access is gated so only invited users can act while anyone can still browse.

07Rate limits & resilience

Built to degrade gracefully

In one line

External calls are rate-limited, retried with backoff, and cached, so the platform stays up when providers wobble.

Requests to on-chain and market data providers are routed through a shared client with rate limiting, retries, and exponential backoff on errors. Hot public data is cached and de-duplicated so many visitors share one upstream fetch, and durable jobs are database-backed with retry runners, so claims, distributions, and LP injections finish on their own and survive restarts.

08Auditable by design

Every action leaves a record

In one line

Fees claimed and actions taken are logged per leg and shown publicly.

Every claim, airdrop, burn, and LP injection is written to a per-leg ledger and surfaced on the coin's public page. The 5% platform fee is disclosed and applied transparently. Anyone can verify on-chain what happened to the fees. For the mechanics behind all of this, see how it works.