Security model

Do not trust SolKnife blindly. The toolkit is designed so the important parts can be checked before your wallet signs: what program is called, what account is touched, where funds move, and what fee is included.

Non-custodial transaction flow

State-changing tools use the same shape wherever possible:

  1. The server reads live Solana state and builds an unsigned transaction.
  2. The browser verifies the transaction against that tool's rules.
  3. Your wallet shows the transaction and signs only if you approve.
  4. The server re-verifies the signed bytes before submitting them.

Your private key never touches SolKnife's backend. The server cannot change a transaction after your wallet signs it because changing even one byte invalidates the signature.

What the verifier checks

Each signing tool has a purpose-built verifier. The exact checks vary by tool, but the common rule is simple: if the transaction does not match the operation you reviewed, it is rejected.

  • Program allowlists block unexpected program calls before signing.
  • Fee transfers are pinned to the configured fee account and amount.
  • Authority tools re-read the mint and confirm your wallet actually controls the authority being changed.
  • Change-authority refuses PDA/off-curve new authorities, so a token authority cannot be moved to an address that normal wallets cannot sign for.
  • If a signal, account layout, or transaction shape cannot be verified, SolKnife fails closed instead of guessing.
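As an added illustration (not SolKnife's own code), the sketch below shows how a fail-closed verifier can combine a program allowlist with a pinned fee transfer. The decoded instruction shape `{ programId, accounts, data }`, the `rules` object, and every `*_PLACEHOLDER` value are assumptions made for the example; only the System Program ID and its transfer encoding are real.

```javascript
// Added illustration, not SolKnife's code. The decoded-instruction shape
// ({ programId, accounts, data }) and all *_PLACEHOLDER values are assumptions.
const SYSTEM_PROGRAM = "11111111111111111111111111111111";
// System Program transfer data: u32 LE tag 2, then u64 LE lamports (12 bytes).
function encodeTransfer(lamports) {
  const data = new Uint8Array(12);
  const view = new DataView(data.buffer);
  view.setUint32(0, 2, true);
  view.setBigUint64(4, lamports, true);
  return data;
}
function decodeTransfer(ix) {
  const d = ix.data;
  if (!(d instanceof Uint8Array) || d.length !== 12 || ix.accounts.length !== 2) return null;
  const view = new DataView(d.buffer, d.byteOffset, d.byteLength);
  if (view.getUint32(0, true) !== 2) return null; // not a transfer: unknown shape
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: view.getBigUint64(4, true) };
}

// Returns { ok, reason }. Anything not positively verified is rejected.
function verifyTransaction(tx, rules) {
  if (!tx || !Array.isArray(tx.instructions) || tx.instructions.length === 0)
    return { ok: false, reason: "unreadable transaction" };
  let feeTransfers = 0;
  for (const ix of tx.instructions) {
    if (!ix || !Array.isArray(ix.accounts))
      return { ok: false, reason: "unreadable instruction" };
    if (!rules.allowedPrograms.has(ix.programId))
      return { ok: false, reason: "program not on allowlist" };
    if (ix.programId !== SYSTEM_PROGRAM) continue; // tool-specific checks would go here
    const t = decodeTransfer(ix);
    if (!t) return { ok: false, reason: "unrecognized System Program instruction" };
    if (t.from !== rules.wallet || t.to !== rules.feeAccount || t.lamports !== rules.feeLamports)
      return { ok: false, reason: "transfer does not match pinned fee" };
    feeTransfers += 1;
  }
  return feeTransfers === 1
    ? { ok: true, reason: "matches reviewed operation" }
    : { ok: false, reason: "expected exactly one fee transfer" };
}

// Constructed sample rules and transaction.
const rules = {
  wallet: "WALLET_PLACEHOLDER", feeAccount: "FEE_ACCOUNT_PLACEHOLDER", feeLamports: 5000000n,
  allowedPrograms: new Set([SYSTEM_PROGRAM, "TOOL_PROGRAM_PLACEHOLDER"]),
};
const feeIx = (to, lamports) => ({ programId: SYSTEM_PROGRAM, accounts: [rules.wallet, to], data: encodeTransfer(lamports) });
const toolIx = { programId: "TOOL_PROGRAM_PLACEHOLDER", accounts: [], data: new Uint8Array(0) };
console.log(verifyTransaction({ instructions: [toolIx, feeIx(rules.feeAccount, 5000000n)] }, rules));
```

A second System Program transfer, a different recipient, or a different lamport amount each produce a rejection rather than a warning, which is the behaviour the list above describes.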

What the backend can and cannot do

  • It can read public chain state, request quotes from upstreams, build unsigned transactions, and submit signed transactions.
  • It cannot spend your funds without your wallet signature.
  • It cannot alter a transaction after signing without invalidating the signature.
  • It cannot recover, revoke, or change an authority after you transfer it away. Solana authority changes are on-chain actions.

Fees and fund movement

SolKnife charges small, disclosed fees on some value-moving tools. Fees are shown in the quote or review screen before signing, and the pricing page lists the current fee schedule. You still pay Solana network fees and any rent deposits required by the chain.

Privacy

SolKnife has no accounts and no sign-up. Wallet addresses, token mints, quotes, and signed transactions are used to answer the request you made.

Short-lived caches may hold public token or pool data briefly so repeated reads are fast. Page visits are measured in aggregate with Google Analytics when enabled. See the disclaimer and privacy notes for the full privacy stance and limits.

Limits

  • SolKnife is not a smart contract audit and does not guarantee a token is safe.
  • Wallet simulation, wallet warnings, and your own review still matter. If your wallet shows something unexpected, do not sign.
  • Upstream data can be unavailable, stale, or incomplete. SolKnife labels unverifiable results rather than clearing them.

Report a security issue

Security reports go to admin@solknife.xyz. Bugs and feature requests can also be opened on the support page. Updates are posted through @solknifexyz.

More detail

For a tool-by-tool breakdown of what SolKnife reads, builds, verifies, signs, and submits, read How SolKnife works.