How Airsem stays safe
Real money moves through here, so the design is deliberately small and auditable. No marketing word games — here is exactly what is and isn't protected.
You log in by signing a one-time message with your wallet (Sign-In With Solana). It proves you own your creator wallet. It is free, off-chain, and grants Airsem zero permission to move your funds. We never ask for a private key or seed phrase.
A scheduled job claims and splits fees every cycle, so the collection wallet's balance only ever equals the fees since the last run. There is no big standing balance to target. The key lives in an encrypted server vault — never in the browser, never in the repo.
The front end is read-only against the chain. Only the isolated cron signer can send, and its transfer targets are constrained in code to the verified live top-100 holder set. Nothing a visitor types ever reaches a signer.
Each cycle records a per-holder ledger row keyed by (cycle, holder). If a run is interrupted it resumes exactly where it stopped and can never double-pay. A minimum payout floor prevents dust; remainders carry to the next cycle.
Claims and distributions are written with their on-chain transaction signatures to the public proof page. You can verify every lamport on Solscan independently of us.
A fully automated payout needs a hot signer — so this is not 'trustless'. It is minimal-float, tightly-scoped, vault-held and fully auditable on-chain. A trustless on-chain program version is on the roadmap.