SCENTDEX

Trade Scent Token,
peer to peer.

SCENTDEX is a limit-order exchange where you trade directly with another wallet. No escrow. No custody. Your funds stay in your wallet until the moment a trade settles.


01

What is SCENTDEX?

SCENTDEX is a decentralised exchange built specifically for Scent Token (SCENT). Unlike pool-based DEXs (Uniswap, Curve), SCENTDEX is a true limit-order book โ€” you set your price, your terms, your expiry, and the contract matches you with another wallet that agrees.

Zero on-chain escrow

The contract never holds your tokens. Both sides settle atomically the instant a fill happens โ€” or the entire transaction reverts.

Audit-first design

Internal red team + 4 rounds of multi-agent automated review + 5 industry static-analysis tools, all clean. External formal audit before any TVL ramp.

EIP-712 signed orders

Orders live off-chain as signed messages. Cancel costs nothing, change your mind anytime, and your private key signs only what the wallet shows you.


02

How a trade works

MakerWants to sell SCENT for JPYC at a price they choose
  1. Connect wallet (MetaMask, Rabby, Coinbase Wallet โ€” any standard EOA)
  2. One-time: approve Permit2 for each token (1 transaction per token, ever)
  3. Open Place Order, set price + amount + expiry
  4. Sign the order โ€” this is just a message, no transaction, no gas
  5. The order appears on the public book until someone fills it or you cancel
TakerSees the order, agrees to the price, and fills it
  1. Browse the order book, click the price level you want
  2. Sign + submit a fill transaction โ€” settles in one block
  3. Maker's SCENT moves to taker, taker's JPYC moves to maker, fee moves to treasury โ€” all atomic, all in one tx
  4. If any leg fails (insufficient balance, allowance revoked, expiry passed), the whole transaction reverts. No partial state.

03

What is Permit2?

Permit2 is a small contract built by Uniswap that solves a real annoyance: approving every dApp separately. Instead, you approve Permit2 once per token, and from then on every compatible dApp uses signed messages โ€” not transactions โ€” to ask permission for specific trades.

Without Permit2
  • approve(Uniswap, MAX) โ€” gas tx
  • approve(SCENTDEX, MAX) โ€” gas tx
  • approve(some-other-DEX, MAX) โ€” gas tx
  • Each tx costs gas + a confirmation
With Permit2
  • approve(Permit2, MAX) โ€” once, per token
  • Sign a message for each trade (free, no tx)
  • Permit2 routes the transfer atomically
  • Same allowance shared across compatible dApps

SCENTDEX uses Permit2 because it lets the maker โ†’ taker โ†’ treasury legs of a fill happen in a single atomic transaction, with no per-trade approval overhead. The trade-off is that the security model moves from "approve a specific contract" to "trust the message my wallet shows me before I sign it." That's where phishing risk comes in โ€” see the next section.


04

How we keep you safe from phishing

In 2024, attackers stole roughly $314M from ~260,000 wallets using Permit2-style typed-data phishing. Most victims signed a message on a cloned site that looked legitimate, not realising the signature was a blank cheque.

Before SCENTDEX asks your wallet to sign anything, we run four checks in front of you. If any fails, the Sign button is replaced with a red warning and a 3-second hold-to-confirm โ€” never a blind click.

Domain check

The contract you're signing for must match the official SCENTDEX V5 deploy on the network you're connected to. A cloned site signing for a different contract address fails this check.

Self check

The maker address inside the order must match your connected wallet. If a phishing payload is asking you to sign on behalf of another address, this catches it.

Floor check

The taker amount must be above the per-token safety floor. A bait order ('sell 1M SCENT for 2 wei') fails this even if you didn't notice the numbers.

Ratio check

The price ratio must be within the configured cap. Extreme prices (giving away tokens at 1/1000th of market) fail this.

We also show every signature request as a plain-language summary: "You give X, you receive at least Y after Z fee, expires on D." If that sentence doesn't match what you intended, don't sign.


05

Audit & operations

Internal red team review

6 specialised UST agents covered threat intel, contract design, red team strategy, exploit engineering, static audit, and governance

4 rounds of /ultrareview (Anthropic)

Round 4 returned 0 findings on the source-only review branch

5-tools static analysis

Slither, Mythril, Aderyn, Wake, 4naly3er โ€” all clean on the V5 contract

Secondary review (Codex tool)

3 findings, 2 adopted into r6, 1 documented design choice

External formal audit

To be commissioned ahead of any meaningful TVL ramp on mainnet

Bug bounty program

Post-mainnet, via Immunefi or equivalent

Source code lives at github.com/ust-scent/scentdex-v5. Independent reviewers and security researchers are invited to read it. Found something? Email cs@scenttoken.com.


06

Common questions

What happens if I move my SCENT to another wallet before someone fills my order?
Nothing breaks โ€” and you don't lose anything. When the taker tries to fill, the contract can't pull SCENT from your wallet, so the entire transaction reverts. Your funds stay wherever you moved them; the taker only loses the gas they spent on the failed attempt. To protect takers from wasting gas on stale orders like that, SCENTDEX continuously monitors every maker's balance and Permit2 allowance โ€” orders that have become unfillable are automatically hidden from the order book.

Ready to trade?

Connect a wallet, approve Permit2 once per token, and sign your first order. Cancel anytime before expiry โ€” your funds never leave your wallet until a fill happens.

Open the trade interface โ†’

We use cookies for security, language preference, and basic analytics. By using this site you agree to our use of cookies. Learn more