DON'T TRUST US. VERIFY.
Every deployment is traceable from source code to running binary.
VERIFY IT YOURSELF
# Clone the source code
git clone https://github.com/uSwapExchange/uswap-zero.git
cd uswap-zero
# Verify the code matches this deployment
git checkout 4d3e4b886f76480bcc643ed8471e05a2f1b7ffa4
# Build locally (requires Go 1.23+)
go build -o uswap-zero .
# Or build with Docker (exact same as production)
docker build -t uswap-zero .
# Run locally
ORDER_SECRET=$(openssl rand -hex 32) ./uswap-zeroWHAT TO AUDIT
The entire application is ~1200 lines of Go across 8 files. Here's what to look for:
nearintents.go
Zero fee markup. The API call passes amounts through untouched. Search for "appFees" — it's an empty array.
handlers.go
Zero logging of user data. No IP addresses, amounts, or addresses are stored. The only log is cache refresh counts.
crypto.go
Order tokens are AES-256-GCM encrypted. The key is random per restart (unless ORDER_SECRET is set). No server-side storage.
main.go
No middleware that logs requests. No analytics. No external service calls except NEAR Intents API.
tokencache.go
The only in-memory state: a cached copy of the public token list. Refreshed every 5 minutes. No user data.
templates/
Pure HTML. No analytics scripts. No tracking pixels. No external requests. The only JS is an 8-line clipboard helper.
go.mod
Zero external dependencies. Only Go standard library. Nothing to supply-chain attack.
Dockerfile
FROM scratch — the container is literally empty except for our binary and TLS certificates.