PYRE.
Feed the PYRE
Provable, not promisedVerify on /trust

A review reduces risk; it does not eliminate it. Always do your own review.

Provable, not promised

In a sea of rugs, the only thing that should earn your trust is proof you can click and check. Everything below is a verifiable fact with a link to its source — on-chain, in the code, or in the in-app decode-match you sign through.

PYRE is a wallet-cleanup utility and ritual entertainment — not an investment product, yield mechanism, trading bot, or guaranteed-profit system. No yield. No profit promise. No guaranteed gains. Recovered rent returns to you; you sign every transaction; PYRE never holds your keys.

You hold your keys

PYRE never holds your private keys. Every transaction is built unsigned, decoded, and shown to you — you sign it in your own wallet. There is no custodial signing, by design. There is no private-key environment variable anywhere in PYRE, and there never will be.

  1. Build (unsigned). When you choose accounts to close or tokens to burn, PYRE assembles an unsigned transaction. Nothing can move yet — no signature exists.
  2. Decode. The raw transaction is decoded instruction-by- instruction: which accounts close, which tokens burn, the rent amount, the rent destination (your wallet), and the disclosed fee.
  3. Match. The decoded contents are matched against the preview you see. The fee leg is independently re-verified against a build-time trust anchor (see rent). A mismatch is a literal refusal to sign — not a warning you can click past.
  4. You sign. Only then does your wallet ask for a signature. The key never leaves your wallet. PYRE cannot sign for you.

Proof: the FAQ answer(“Do you ever sign for me?”) and the non-negotiable trust rules in the public repo's CLAUDE.md.

This is a mechanicalfact — you are in control of signing. It is not a promise that any token is “safe.”

Secured by a 2-of-4 multisig

The on-chain program's upgrade authority and the fee treasury are the same Squads v4 2-of-4 multisig vault. Changing the program or moving treasury funds needs 2 of 4 independent signers. No single developer key can do it alone.

What “2-of-4” means: four independent signers hold keys to the vault; any action — upgrading the program, moving funds — requires at least two of them to approve and sign. One compromised or rogue key cannot act. This is the difference between a project with a single dev who could rug at any moment and one where control is split and checkable on-chain.

Proof: the vault on Solscan ↗ (also the destination of the disclosed 5% fee) — controlled by a 2-of-4 Squads v4 multisig. On Solscan it appears as the program-owned vault account; its 2-of-4 threshold and signer set are enforced on-chain by the Squads program. Full addresses are in on-chain addresses below.

This states the mechanism(2-of-4) — it does not claim the project is therefore “safe.”

Independently reviewed

The on-chain program has been reviewed in depth. Findings were fixed and the program was redeployed. The deployed build is byte-identical to the reviewed binary (sha256 d5e95d03), verified on-chain after the multisig redeploy.

What this review is — plainly. This is our own in-depth review process, not a paid third-party firm audit, and we do not claim otherwise: an internal multi-agent code review of the on-chain program, a standing security review maintained alongside the code, and the byte-identical-build verification that proves the deployed program matches the reviewed source on-chain. It is a real, ongoing security practice — not a certificate from an outside auditor.

Byte-identical build. The program now running on Solana mainnet was built from the reviewed source and is byte-for-byte identical to the reviewed binary (sha256 d5e95d03). Because the program's bytes are on-chain, anyone can verify the deployed program matches the reviewed build — you do not have to take our word for it.

Proof: the on-chain program on Solscan ↗. Full program id is in on-chain addresses below.

A review reduces risk; it does not eliminate it. Always do your own review. A review reduces risk by finding and fixing issues — it does not prove the absence of bugs, and it is not a guarantee.

Your rent comes back to you

Recovered account rent returns to your wallet by default — never silently taxed, pooled, or redirected. PYRE takes one disclosed 5% fee, shown in the decoded transaction before you sign.

Why the server can't repoint it. The treasury address and the 5% fee rate are baked into the app as build-time constants, and an independent client-side check re-verifies the fee leg against those constants right before your wallet is ever asked to sign. So the server cannot quietly repoint your rent to another address or inflate the fee — a change to either would be a code change that has to go through review, not a runtime config flip. This client-side anchor is a published part of the trust path (trust-anchors.ts, checkFeeAnchor).

Proof: the honest economics and the example receipt on /about show the rent → you and the 5% fee lines exactly as they appear in the decoded transaction.

The fee is disclosedand shown pre-sign — the cleanup is not “free,” and no return or gain is implied.

Spawn launch economics — where your Essence goes

The 5% cleanup fee is the only deduction on your cleanup transactions. It becomes your Essence — an on-chain contribution to the current round, recorded as your pro-rata (in- proportion) share. Launching a Spawn is a separate operation. Here is exactly what happens to that Essence, honestly.

The live model — on-chain and trustless

PYRE's Spawn distribution runs on the trustless on-chain program (pyre-core, program id 4SaAiTS2…), deployed to Solana mainnet under the 2-of-4 Squads multisig upgrade authority. Your contribution is not held on an operator's word — it lives in a program-owned vault, and the flow is enforced by the contract:

What “consumed” means in plain terms: feeding a round is not a deposit you can withdraw at will. Before a round launches, your contribution is refundable if the round fails. Once it launches, your Essence has become the Spawn — you then hold a pro-rata claim on the Spawn, not a claim to get your SOL back. We disclose this plainly so there is no surprise.

Earlier Spawns. Before on-chain rounds, some early Spawns were launched operator-run and operator-refunded on failure. Those are historical; the live model is the on-chain vault described above.

Proof: the vault, claim, refund, and force-fail mechanics are enforced by the open-source pyre-core on-chain program (program id 4SaAiTS2…) deployed under a 2-of-4 Squads multisig upgrade authority. No single key — including the operator key — can unilaterally move contributor funds. The program source is in programs/pyre-core/ in the public repo.

Full transparency on where your Essence goes: consumed into the Spawn at launch and claimed pro-rata on graduation; returned if a round fails to launch. No return or gain is implied.

Cleanups between rounds — your fee SOL is refundable, not token-bearing

Almost always there is an open round to feed. But if you clean up in a brief window between rounds — when no round is open — your disclosed 5% cleanup fee still goes to the treasury wallet as a plain SOL transfer. We call that a gap burn, and we disclose exactly how it is handled so there is no ambiguity.

Disclosed plainly: a between-rounds cleanup fee is returned to you in SOL by the operator. It carries no token allocation and no permissionless on-chain refund. No return or gain is implied.

How PYRE earns — pump.fun creator fees (disclosed)

PYRE has a revenue source, and we disclose it plainly: when PYRE launches a Spawn, PYRE's launcher is the on-chain creator of that token, so it earns the pump.fun creator fee— a share of the Spawn's trading volume paid out by the pump.fun protocol to the token's creator.

Disclosed, not hidden: PYRE earns from Spawn creator fees, paid by the market — never from your cleanup or your contribution.

On-chain addresses

Every address below is copyable and linked to Solscan. Verify them yourself.

Program id4SaAiTS2zr9xfVs1gpYrQUeaTUwXqf2yCz1G5HG2mcBwSolscan ↗
Multisig vault (treasury + upgrade authority)47UyQ4HdEg5sHnqHRTcS325B8fNcG6KwMifderunsACGSolscan ↗

What PYRE will never do

A review reduces risk; it does not eliminate it. Always do your own review.