PumpAgent never holds user funds. Every swap returns an unsigned serialized transaction. Users sign with their own wallet. PumpAgent has zero access to private keys.

Fee: 0.5% via Jupiter referral program Fee wallet: JAL73tnRravjWQqm7yPkw6wzhhxx9v6NZ5jNt1pjKJau Verify all collected fees: https://solscan.io/account/JAL73tnRravjWQqm7yPkw6wzhhxx9v6NZ5jNt1pjKJau Fee injection code: src/routes/swap.ts (open source, auditable)

All swaps route through Jupiter V2. Jupiter Z RFQ fills bypass the public mempool entirely. Sandwich attacks not possible on RFQ routed swaps.

Primary RPC: Helius (enterprise grade) Fallback RPC: Solana public mainnet Both endpoints verified before every request.

All code: https://github.com/getPumpAgent/pumpagent-api License: MIT Anyone can audit, fork, or contribute.

Found a security issue? Open a GitHub issue marked [SECURITY] or email via GitHub profile.