Security Engine & Risk Control
LiquidMesh integrates a built-in Security Engine that aggregates multiple third-party security services to perform pre-trade risk checks on both token contract addresses (CA) and user addresses.
The Security Engine is enforced consistently across all execution entry points, including the Quote API and Order API, to prevent high-risk assets or addresses from entering the routing and execution pipeline.
Scope of Security Checks
LiquidMesh performs request-time security validation on the following dimensions:
1. Token Risk Detection
All token contract addresses involved in a request (input or output) are evaluated against integrated security intelligence sources.
Token-related risk scenarios include, but are not limited to:
- Honeypot tokens (e.g. tokens that can be bought but not sold)
- Scam tokens
- Tokens associated with known hacker incidents
- Tokens deployed from compromised or malicious contracts
- Tokens flagged as high-risk by third-party security providers
- Other risk situations
If any token in the request is identified as risky, the request will be rejected immediately.
2. User Address Risk Screening
LiquidMesh requires the user address to be explicitly provided in API requests in order to perform address-level risk evaluation.
User address risk screening primarily targets hacker-related or flagged addresses, including:
- Addresses associated with known hacking incidents
- Addresses marked as high-risk by security partners
- Addresses included in internal or third-party risk lists
If the provided user address is identified as risky, the request will be rejected.
API Requirements
Mandatory Parameter: userAddress
For the Quote API, the userAddress parameter is required.
- The Security Engine relies on this field to perform address-level risk screening
- Requests without a valid user address cannot pass security validation
⚠️ Important
Always pass the actual end-user address.
Using placeholder, zero, or incorrect addresses may result in request rejection.
The Order API follows the same security requirements and enforcement logic.
Rejection Behavior & Error Response
Unified Error Response
When a request is rejected by the Security Engine (Quote API or Order API), LiquidMesh returns the following error:
HTTP/1.1 400
{
"code": 42000,
"msg": "Quote forbidden"
}
Rejection Conditions
The above response may be returned under any of the following conditions:
- One or more token contract addresses are identified as high-risk
- The provided user address is identified as a risk address
- Required security-related parameters (e.g. userAddress) are missing or invalid
Note
The error response is intentionally unified.
Integrators should treat "Quote forbidden" as a security-driven rejection, not as a pricing or network failure.
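
One way an integrator might apply the rules above on the client side. This is an added example, not LiquidMesh code. It assumes EVM-style 20-byte hex addresses, and the function names and the retry-on-5xx policy are hypothetical choices; only the status 400, code 42000 and the userAddress requirement come from this page.

```python
import json
import re

SECURITY_REJECTION_CODE = 42000  # "code" value in the documented error body
# Assumption: EVM-style addresses (0x + 40 hex chars); adjust for other chains.
_EVM_ADDRESS = re.compile(r"^0x[0-9a-fA-F]{40}$")


def preflight_user_address(user_address):
    """Return None if userAddress looks usable, else the reason to fix it.

    Catches locally the inputs the page says may be rejected (missing,
    invalid or zero/placeholder addresses) before a request is sent.
    """
    if not user_address:
        return "userAddress missing"
    if not _EVM_ADDRESS.match(user_address):
        return "userAddress malformed"
    if int(user_address, 16) == 0:
        return "userAddress is the zero-address placeholder"
    return None


def classify_response(status, body_text):
    """Map a Quote/Order API response to (category, retry).

    category is 'ok', 'security_rejection' or 'other_error'.
    """
    if 200 <= status < 300:
        return ("ok", False)
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        body = None  # non-JSON body, e.g. a gateway error page
    code = body.get("code") if isinstance(body, dict) else None
    if status == 400 and code == SECURITY_REJECTION_CODE:
        # Unified response: risky token, risky address, or bad userAddress.
        # Resending the same request cannot succeed, so do not retry;
        # log it as a security event rather than a pricing/network failure.
        return ("security_rejection", False)
    # Hypothetical policy: only server-side failures are worth retrying.
    return ("other_error", status >= 500)
```
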