# Compliance & Security

Squid is committed to operating a secure, compliant cross-chain infrastructure. This page documents Squid's compliance policies, wallet screening, and token whitelisting procedures.

***

## Restricted Jurisdictions

Squid does **not** permit swaps originating from or destined for the following sanctioned jurisdictions:

* **Cuba**
* **Iran**
* **North Korea**
* **Syria**

Transactions involving addresses linked to these jurisdictions will be blocked.

***

## Wallet Screening & AML

Squid uses **TRM Labs' blacklist API** to vet wallet addresses for Anti-Money Laundering (AML) compliance.

### How it works

* Before processing a route, Squid checks the `fromAddress` and `toAddress` against TRM's risk database.
* Wallets flagged for illicit activity by TRM, including association with sanctioned entities, darknet markets, ransomware, or stolen funds, will be blocked from executing transactions.
* This screening is applied automatically and does not require any action from integrators.

{% hint style="info" %}
If a legitimate user's wallet is incorrectly flagged, they should contact [Squid support](https://discord.gg/squidrouter) for resolution.
{% endhint %}

***

## Token Whitelisting

Squid maintains a **strict token whitelisting process** to prevent fake or spoofed tokens from being available for swaps.

### Why whitelisting?

Cross-chain routing involves moving value across multiple DEXs and bridges. Spoofed tokens — tokens mimicking legitimate assets with similar names or symbols — can lead to:

* Loss of funds via manipulated liquidity pools
* Incorrect pricing and route calculations
* Reputation damage for integrators

### Automatic token monitoring

Squid continuously monitors and **automatically adds validated tokens** that meet our quality criteria from trusted sources:

* [**CoinGecko**](https://www.coingecko.com/) — tokens listed on CoinGecko with verified contract addresses are automatically evaluated for inclusion.
* [**Defined.fi**](https://www.defined.fi/) — tokens tracked by Defined.fi with sufficient liquidity and trading activity are automatically evaluated.

This ensures that the Squid token list stays up to date with legitimate, actively traded assets without requiring manual submissions for well-known tokens.

### Manual token whitelisting

For tokens not yet picked up automatically, you can submit a request:

1. **Submit a request** via the [Token Whitelisting Form](https://form.typeform.com/to/wVLxNgSd?typeform-source=docs.squidrouter.exchange).
2. The Squid team reviews the token contract for:
   * Verified source code on the relevant block explorer
   * Sufficient liquidity on supported DEXs
   * Legitimate project history and team
   * No evidence of malicious behavior (honeypots, hidden minting, etc.)
3. Upon approval, the token is added to the supported token list and becomes available via the `/v2/tokens` and `/v2/sdk-info` endpoints.

{% hint style="warning" %}
Tokens that are not whitelisted will **not** appear in the Squid API responses and cannot be used in route requests.
{% endhint %}
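An integrator-side check that matches the whitelisting rule above, shown as an added example (not Squid's own code). It identifies tokens by chain and contract address rather than by symbol. It assumes EVM-style hex addresses and a cached token list whose entries carry `chainId`, `address` and `symbol`; the function names and sample data are hypothetical.

```javascript
// Constructed sample standing in for a cached token list; the field names
// (chainId, address, symbol) and all addresses are assumptions for this example.
const SAMPLE_WHITELIST = [
  { chainId: "1", address: "0x" + "Ab".repeat(20), symbol: "USDC" },
  { chainId: "42161", address: "0x" + "Cd".repeat(20), symbol: "USDC" },
  { chainId: "1", address: "0x" + "Ef".repeat(20), symbol: "WETH" },
];

// EVM hex addresses compare case-insensitively, so normalise before keying.
const tokenKey = (chainId, address) => `${chainId}:${address.toLowerCase()}`;
const symbolKey = (chainId, symbol) => `${chainId}:${String(symbol || "").toUpperCase()}`;

function buildIndex(tokens) {
  const byAddress = new Map();
  const bySymbol = new Map();
  for (const t of tokens) {
    byAddress.set(tokenKey(t.chainId, t.address), t);
    const k = symbolKey(t.chainId, t.symbol);
    bySymbol.set(k, [...(bySymbol.get(k) || []), t.address]);
  }
  return { byAddress, bySymbol };
}

// Decide whether a user-supplied token may go into a route request.
// Identity is (chainId, address); the symbol only explains a rejection.
function checkToken(index, candidate) {
  const { chainId, address, symbol } = candidate;
  if (typeof address !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(address)) {
    return { ok: false, reason: "malformed-address" };
  }
  const hit = index.byAddress.get(tokenKey(chainId, address));
  if (hit) return { ok: true, token: hit };
  // Same symbol on this chain but a different contract: likely a spoofed token.
  const sameSymbol = index.bySymbol.get(symbolKey(chainId, symbol)) || [];
  return sameSymbol.length
    ? { ok: false, reason: "symbol-lookalike", whitelisted: sameSymbol }
    : { ok: false, reason: "not-whitelisted" };
}

const INDEX = buildIndex(SAMPLE_WHITELIST);
```

A `symbol-lookalike` result is worth surfacing to the user or logging, since it means the requested contract shares a symbol with a whitelisted token on that chain but is not that token.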

***

## Smart Contract Security

Squid's smart contracts are designed to **never hold liquidity** — they only orchestrate calls to DEXs and other involved contracts. This avoids security risks usually associated with token bridges.

For full audit details, see [Audits & Security](/additional-resources/audits-and-security.md).

***

## Shared Responsibility Model

Squid utilizes a Shared Responsibility Model for security and compliance. Our core cryptographic infrastructure and Trusted Execution Environment (TEE) policy engine are provided by Cubist, which is SOC 2 Type II compliant. This ensures that the hardware-level security, key management, and policy enforcement layers of the Squid platform meet rigorous, audited institutional standards.

