Security

Security & transparency.

SolanaForge is built around the principle that you should never have to trust us with anything that can be verified on-chain. Here is exactly how we treat your wallet, your data, and your tokens.

Non-custodial by design

We never hold your seed phrase, private key, SOL, or tokens. Funds and authorities live in your wallet, full stop.

Click-to-connect only

Phantom is invoked only when you click Connect Wallet. We use Phantom's official onlyIfTrusted connect option to silently reconnect wallets you previously approved, never to force a popup.

Transparent transactions

Every transaction is simulated and itemised before you sign: mint cost, metadata, network fee, platform fee, and any optional revoke. No surprises.

Verifiable on-chain

Tokens, pools, and transfers are public Solana data. Every launch links directly to Solscan so anyone can audit it.

Standards-only stack

We use the SPL Token Program, Metaplex Token Metadata, Raydium CPMM, Pinata IPFS, and Helius RPC — no custom forks, no opaque vaults.

Anti-phishing posture

We never DM you first, never ask for seed phrases, and never run ad popups. If anyone claims to be us and asks for your secret words, it is a scam.

What a transaction shows you

Before any Phantom signature request, SolanaForge displays:

  • The exact program instructions in the transaction (mint create, metadata write, optional revokes, transfer of platform fee).
  • A pre-flight simulation that catches insufficient balance and program errors before you sign.
  • Total SOL cost broken into network fee, rent, platform fee, and optional revokes.
  • Your final SOL balance after the transaction.
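
To check an itemisation like this yourself, the sketch below decodes raw instruction bytes and totals the lamports. It is an added example, not SolanaForge's code, and it goes slightly beyond the list above by reading the System and SPL Token wire formats directly. The `{ programId, data }` shape, the `sysIx` helper and all sample amounts are assumptions constructed for illustration; the program IDs are the public on-chain constants.

```javascript
// Well-known public Solana program IDs.
const SYSTEM = "11111111111111111111111111111111";
const SPL_TOKEN = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
const TOKEN_METADATA = "metaqbxxUerdq28cj1RbAWkYQm3ybzjb6a8bt518x1s";
const TOKEN_TAGS = { 0: "InitializeMint", 7: "MintTo", 20: "InitializeMint2" };
const AUTHORITY_TYPES = ["MintTokens", "FreezeAccount", "AccountOwner", "CloseAccount"];

// Decode one instruction ({ programId: base58 string, data: Buffer }) into a line item.
function describe(ix) {
  const d = ix.data;
  if (ix.programId === SYSTEM && d.length >= 12) {
    const kind = d.readUInt32LE(0);          // u32 LE instruction index
    const lamports = d.readBigUInt64LE(4);   // u64 LE lamports
    if (kind === 0) return { label: "System CreateAccount (rent)", lamports };
    if (kind === 2) return { label: "System Transfer", lamports };
  }
  if (ix.programId === SPL_TOKEN && d.length >= 1) {
    if (d[0] === 6 && d.length >= 3) {       // SetAuthority: tag, type, Option<new authority>
      const verb = d[2] === 0 ? "revoke" : "reassign";
      return { label: `Token SetAuthority: ${verb} ${AUTHORITY_TYPES[d[1]]}`, lamports: 0n };
    }
    if (TOKEN_TAGS[d[0]]) return { label: `Token ${TOKEN_TAGS[d[0]]}`, lamports: 0n };
  }
  if (ix.programId === TOKEN_METADATA) return { label: "Token Metadata write", lamports: 0n };
  return { label: `UNRECOGNISED ${ix.programId}`, lamports: 0n, unknown: true };
}

// Itemise a whole transaction; refuse if anything is unrecognised or unaffordable.
function itemise(instructions, networkFeeLamports, balanceLamports) {
  const lines = instructions.map(describe);
  const total = lines.reduce((sum, l) => sum + l.lamports, networkFeeLamports);
  const safeToSign = lines.every((l) => !l.unknown) && total <= balanceLamports;
  return { lines, total, finalBalance: balanceLamports - total, safeToSign };
}

// Constructed sample data (hypothetical amounts, not a real SolanaForge transaction).
function sysIx(kind, lamports, extra = 0) {
  const data = Buffer.alloc(12 + extra);
  data.writeUInt32LE(kind, 0);
  data.writeBigUInt64LE(lamports, 4);
  return { programId: SYSTEM, data };
}
const SAMPLE = [
  sysIx(0, 1461600n, 40),                                  // create the mint account
  { programId: SPL_TOKEN, data: Buffer.from([20]) },       // InitializeMint2 (args truncated)
  { programId: TOKEN_METADATA, data: Buffer.alloc(1) },    // payload not decoded here
  { programId: SPL_TOKEN, data: Buffer.from([6, 0, 0]) },  // revoke mint authority
  sysIx(2, 100000000n),                                    // fee transfer
];
```

Any instruction that resolves to `UNRECOGNISED` is a reason to reject the signature request, regardless of what the surrounding page says it does.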

What permissions Phantom grants

Connecting Phantom shares only your public wallet address with the dApp. Phantom never reveals your private key or seed phrase to any website, including SolanaForge. Each transaction requires its own explicit approval; there is no blanket signing permission.

Reporting a vulnerability

Found a security issue? Email support@solanaforge.app with the subject [security] and a clear description. Please do not exploit or publicly disclose issues before we have had a chance to respond. We aim to acknowledge security reports within 24 hours.

Reminder: SolanaForge will never DM you first, never request your seed phrase, and never ask you to sign a transaction outside this site. The only domain we operate is solanaforge.app. See our contact page and privacy policy for more.