New lesson dusting#27
Open
mu1titudes wants to merge 5 commits into
Open
Conversation
Written by Bryan
Added a lesson crosslink from existing safety-rugs lesson to new safety-dusting lesson.
Collaborator
📚 Lesson review —
|
| Sev | Where | Finding | Suggested fix |
|---|---|---|---|
| 🔴 | line 40 / dusting-jup-shield.png |
broken illustration — CDN returns 404 on two attempts | upload to the CDN, or correct the filename/path |
| 🟡 | line 40 | image uses site-relative path /images/lesson/... not canonical CDN URL |
use the full https://static.academy.jup.ag/images/... URL |
| 🟡 | line 67 | DEX not wrapped in <Term> |
wrap with <Term id="dex"> |
| 🟡 | lines 82, 84 | seed phrase, SPL Token not wrapped |
wrap with <Term id="seed-phrase"> / <Term id="spl-token"> |
🔎 Accuracy vs docs.jup.ag
Verdict: ✅ 0 blockers, 2 to verify
Docs consulted: vrfd token-verification / index / faq / verified-insights · terminal token-page · spend risks-and-security · extension-wallet security
| Sev | Lesson says (line) | Docs say (source) | Action |
|---|---|---|---|
| 🟡 | "JupShield show warnings like Freeze Authority, Permanent Delegate, Low Organic Activity, or New Listing" (l.34) | user docs list only: Not Sellable, Not Verified, Low Liquidity, Low Organic Activity, New Listing; Freeze Authority / Permanent Delegate confirmed only in the developer Ultra API | confirm those two are named JupShield UI banners; cite a doc once confirmed |
| 🟡 | "~0.002 SOL" rent recovered closing ATA (l.84) | not stated in docs; third-party sources confirm ~0.00204 SOL | confirm figure is current; note it is approximate |
✍️ Quality (language · coherence)
Verdict: 4 blockers, 5 suggestions
| Sev | Where | Finding | Suggested fix |
|---|---|---|---|
| 🔴 | lines 34, 40, 48 | "JupShield" (one word) vs canonical "Jup Shield" in jupiter-vrfd.mdx |
replace all three with "Jup Shield" |
| 🔴 | line 38 | checklist logic self-contradictory — Q2 "Is it verified?" is a positive indicator under a "yes = bad" instruction | reframe Q2 as a negative, or split the instruction |
| 🔴 | line 67 | "as part of the swap approval" ambiguous; bare SOL/USDC |
clarify the swap transaction itself is malicious; wrap terms |
| 🔴 | line 85 | lesson ends abruptly with no closing takeaway | add a 1–2 sentence closing |
| 🟡 | line 20 | intro pre-empts the first section's definition | move the "don't react" line into the section |
| 🟡 | line 52 | "your SOL, your other tokens" redundant | "your SOL balance, your other token accounts…" |
| 🟡 | lines 42, 73 | --- dividers inconsistent with sibling safety lessons |
remove both --- |
| 🟡 | throughout | zero <Term> tags |
wrap DEX, SOL, USDC on first use |
| 🟡 | line 84 | Solflare named as sole example (reads as endorsement) | "Most Solana wallets (such as Solflare and Phantom)…" |
Quiz (proposed)
Verdict: proposed 4-question quiz
- Q1 — purpose of a dusting attack
- Q2 — Freeze Authority / Permanent Delegate scope (ATA only)
- Q3 — when a dust token becomes dangerous
- Q4 — safe removal via close-account
{
"questions": [
{
"question": "What is the primary goal of a dusting attack?",
"options": [
"To steal your private key by brute-force guessing",
"To bait you into interacting with a token you never requested",
"To drain your wallet using a smart contract exploit",
"To impersonate your wallet address on-chain"
],
"correctAnswer": 1,
"explanation": "Dusting attacks send unsolicited tokens to your wallet as bait, with the danger only activating when you attempt to interact with the token."
},
{
"question": "What do Freeze Authority and Permanent Delegate have in common when set on a dust token?",
"options": [
"Both can access your SOL balance and other tokens in your wallet",
"Both were added by Solana validators, not the token creator",
"Both are limited to interacting only with that token's Associated Token Account",
"Both require your wallet signature before they can execute"
],
"correctAnswer": 2,
"explanation": "Token-level authorities like Freeze Authority and Permanent Delegate are scoped exclusively to the token's own ATA and cannot touch your SOL or any other assets."
},
{
"question": "According to the lesson, when does a dust token become dangerous?",
"options": [
"As soon as it appears in your wallet",
"When the token creator activates the Permanent Delegate remotely",
"Only if the token has been listed on a DEX",
"When you attempt to interact with it by swapping, visiting linked sites, or claiming rewards"
],
"correctAnswer": 3,
"explanation": "Tokens on Solana cannot execute code on their own — the risk only materialises the moment you take an action such as trying to sell, look up, or claim rewards from the token."
},
{
"question": "What is the recommended safe way to remove an unwanted dust token from your wallet?",
"options": [
"Swap it for SOL on Jupiter to recover any value before it disappears",
"Use your wallet's native burn or close-account function to close the ATA",
"Send it to a burn address using the token's own website",
"Delegate it to a trusted validator who can dispose of it on your behalf"
],
"correctAnswer": 1,
"explanation": "Using your wallet's built-in close-account feature (such as Solflare's token management UI) calls the standard SPL Token Program directly and is entirely independent of anything the token creator controls."
}
]
}🤖 Ready-to-use prompt for Claude Code
Copy this into Claude Code on the PR branch to apply the fixes:
Apply the Jupiter Academy lesson review for lessons/safety-dusting.mdx.
Blockers (must fix):
1. Line 40: illustration dusting-jup-shield.png returns 404 — upload it to the CDN (use the full https://static.academy.jup.ag/images/... URL) or correct the path.
2. Lines 34, 40, 48: replace "JupShield" with "Jup Shield" to match the canonical spelling in jupiter-vrfd.mdx.
3. Line 38: fix the checklist logic — Q2 ("Is it verified via Jupiter VRFD?") is a positive indicator under a "yes = dust" instruction; reframe Q2 as a negative or split the instruction.
4. Line 67: clarify that the swap transaction itself is malicious (not a normal approval step); wrap SOL/USDC in <Term> tags.
5. Line 85: add a one- or two-sentence closing takeaway (e.g. "Dusting attacks rely on your curiosity. Ignore the token, and the attack fails.").
Suggestions (apply if you agree):
1. Line 40: switch to the full CDN URL once the file is uploaded.
2. Wrap DEX (l.67), seed phrase (l.82), SPL Token (l.84) in <Term id="..."> tags.
3. Line 34: confirm with the team that Freeze Authority and Permanent Delegate are named JupShield UI banners; cite a doc once confirmed.
4. Line 84: confirm the ~0.002 SOL rent figure is current; note it is approximate.
5. Line 20: move the "reacting is what you should not do" line into the "What Is a Dusting Attack?" section.
6. Line 52: tighten "your SOL, your other tokens" to "your SOL balance, your other token accounts".
7. Lines 42 & 73: remove the "---" dividers to match sibling safety lessons.
8. Line 84: broaden the wallet example beyond Solflare ("Most Solana wallets, such as Solflare and Phantom").
Then commit and push to this PR branch. Do not invent facts — cite docs.jup.ag where the review did. Keep the Academy tone (educational, no financial advice).
(Quiz proposal in the comment above is for the app repo — not this content repo.)
Re-run with /review-lesson-pr 27 after pushing — this comment updates in place.
Collaborator
📚 Lesson review —
|
| Sev | Where | Finding | Suggested fix |
|---|---|---|---|
| 🟡 | line 30 / /lessons/safety-dusting |
internal link target not yet in repo — it is in open PR #27 (this same PR) | ensure both lessons merge together so the link resolves |
🔎 Accuracy vs docs.jup.ag
Verdict: ✅ PASS
Docs consulted: vrfd index / token-verification · swap tokens-and-trading · offerbook security-and-risks
All Jupiter-specific claims (verified badge, VRFD token list) confirmed by docs. General crypto-safety claims (rug-pull patterns, fake airdrops, audit firms Zenith/OtterSec/Certora) are accurate and uncontradicted.
✍️ Quality (language · coherence)
Verdict: 1 blocker, 7 suggestions
| Sev | Where | Finding | Suggested fix |
|---|---|---|---|
| 🔴 | line 19 | "Signs to watch for might include:" — double hedging weakens a safety warning | "Warning signs include:" |
| 🟡 | line 19 | choppy "Creators … Creators then…" subject repeat | merge into one sentence |
| 🟡 | line 17 | heading uses plain hyphen vs em dash in body | standardize the dash |
| 🟡 | lines 34, 36 | "contract address" vs sibling lessons' "mint address" | use "mint address" (Solana-native term) |
| 🟡 | line 28 | no blank line after the "Fake Airdrops" heading | add a blank line |
| 🟡 | line 28 | dusting-attack term used before its inline definition | lead with the definition |
| 🟡 | lines 19–38 | no closing takeaway/recap | add a "Before You Buy" action summary |
| 🟡 | lines 19–38 | only 2 <Term> usages (both defi) |
wrap "Solana" (l.34) and other key terms |
Quiz (proposed)
Verdict: proposed 4-question quiz
- Q1 — what defines a rug pull
- Q2 — ignoring unsolicited tokens (dusting)
- Q3 — verifying a token via its mint address
- Q4 — rug-pull warning signs
{
"questions": [
{
"question": "What is the defining action that makes something a rug pull?",
"options": [
"A hacker exploits a smart contract vulnerability to steal funds",
"Project creators drain liquidity and disappear after building hype",
"A token loses value due to poor market conditions",
"Users are tricked into revealing their seed phrases"
],
"correctAnswer": 1,
"explanation": "A rug pull is an intentional exit scam where creators drain the project's funds and disappear, leaving investors with worthless assets."
},
{
"question": "You notice an unfamiliar token has appeared in your wallet that you never purchased. According to the lesson, what should you do?",
"options": [
"Immediately swap it for SOL to recover any value",
"Send it to a burn address to clean up your wallet",
"Ignore it and do not interact with it",
"Report it by clicking any link associated with the token"
],
"correctAnswer": 2,
"explanation": "Unknown tokens sent to your wallet are often dusting attacks designed to lure you into interacting with a malicious contract, so you should simply ignore them."
},
{
"question": "A token named USDC is trading on Jupiter. What is the most reliable way to confirm it is the legitimate stablecoin?",
"options": [
"Check that its market cap is similar to the real USDC",
"Confirm it has a high trading volume",
"Verify its contract address matches the official USDC mint address",
"See whether it carries the Jupiter verified badge"
],
"correctAnswer": 2,
"explanation": "Any token can be named USDC on Solana, so the only reliable check is comparing the token contract address against the address published on the official project website."
},
{
"question": "Which combination of warning signs does the lesson identify as red flags for a potential rug pull?",
"options": [
"Low trading volume and a recently launched mainnet",
"Anonymous team, guaranteed high yields, and no public security audit",
"Unverified token badge and fewer than 10,000 Twitter followers",
"High token price and a small circulating supply"
],
"correctAnswer": 1,
"explanation": "The lesson specifically lists an anonymous team with no track record, promises of guaranteed high yields, and the absence of a reputable public audit as key rug-pull warning signs."
}
]
}🤖 Ready-to-use prompt for Claude Code
Copy this into Claude Code on the PR branch to apply the fixes:
Apply the Jupiter Academy lesson review for lessons/safety-rugs.mdx.
Blockers (must fix):
1. Line 19: replace "Signs to watch for might include:" with "Warning signs include:" — drop the double hedging in a safety warning.
Suggestions (apply if you agree):
1. Line 30: the /lessons/safety-dusting link targets a lesson added in this same PR (#27) — ensure both lessons merge together so the link resolves in production.
2. Line 19: merge the two "Creators…" clauses into one sentence.
3. Line 17: standardize the heading dash (em dash to match body style).
4. Lines 34 & 36: replace "contract address" with "mint address" to match Solana terminology and sibling lessons.
5. Line 28: add a blank line after the "Fake Airdrops" heading; lead with the dusting-attack definition.
6. After line 38: add a short closing "Before You Buy" summary tying the three threat types together.
7. Line 34: wrap "Solana" in <Term id="solana"> and raise <Term> density toward sibling lessons.
Then commit and push to this PR branch. Do not invent facts — cite docs.jup.ag where the review did. Keep the Academy tone (educational, no financial advice).
(Quiz proposal in the comment above is for the app repo — not this content repo.)
Re-run with /review-lesson-pr 27 after pushing — this comment updates in place.
Agentic feedback: minor corrections on grammar, punctuation, syntax
Agentic feedback: minor corrections on grammar, punctuation, syntax
Contributor
Author
|
Agentic feedback addressed. No further comments. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added new lesson on dusting. Written by Bryan.
Added a lesson crosslink from existing safety-rugs lesson to new safety-dusting lesson.