Safety

Safety Model

DRIP on Stellar Testnet is designed to make stream actions transparent and bounded. The safety model relies on Freighter for signing, Soroban simulation before submission, and testnet isolation.

Safety principles

No private key custody

DRIP does not ask for or store your private key or seed phrase. All transactions are approved through Freighter.

Transaction preview

The dashboard shows the action, affected stream, and expected XLM movement before presenting the Freighter signature prompt.

Soroban simulation

Transactions are simulated against the Soroban RPC before signing, catching errors before they reach the network.

Testnet isolation

This deployment is Stellar Testnet only. No bridge exists to mainnet. No real XLM is at risk.

Fail-closed behavior

If stream state cannot be verified, access defaults to blocked. DRIP will not allow actions it cannot confirm are safe.

Payer controls unvested XLM

The payer can pause, resume, or cancel a stream and recover unvested XLM at any time.

Limitations and known constraints

The Soroban contract has not been publicly audited. Use on Testnet only.
Simulation can reduce risk but cannot guarantee every outcome under all conditions.
Verify the domain, receiver address, and amount in every Freighter prompt before signing.
Ledger entries expire on Stellar Testnet if not accessed for an extended period.
Native XLM is the only supported asset. Do not assume token support.

Testnet only — always verify Freighter prompts

This is a testnet deployment. No real funds are involved. Always verify the receiver, amount, and network shown in Freighter before approving any transaction.