Safety & Privacy

Frontrun Safety & Privacy Overview

Frontrun is a lightweight Chrome extension that layers read‑only insights on top of the sites you already use (X, Solscan, GMGN, Axiom, Photon, and more). It never alters core site code or intercepts transactions—you simply see extra labels, tooltips, and analytics that help you trade smarter.


1. Open‑sourced Plasmo build

The exact bundle that ships to the Chrome Web Store is public here: https://github.com/FrontrunPro/frontrun-extension. Anyone can clone, diff, and audit it line‑by‑line.

Instructions for self-auditing

Prefer to verify things yourself? Copy the open‑sourced bundle—or any file within it—into:

  1. ChatGPT code‑inspection mode (or any LLM of your choice) to scan for suspicious patterns.

  2. Traditional static‑analysis tools like ESLint or SonarQube, or malware scanners.

A quick run‑through in ChatGPT o3 (example) showed no credential stealers, no hidden miners, and content scripts limited to six whitelisted domains—but don’t just take our word for it. You can reproduce that check in minutes.

You can chat with the codebase using DeepWiki.

Why only open source the build?

We’ve open-sourced the exact Plasmo build that we publish to the Chrome Web Store. This bundle contains every line of code that actually runs in your browser when you use the Frontrun extension.

We haven’t released the entire development repository because we work in a monorepo that also includes private packages and internal tooling unrelated to the extension. Those components contain proprietary logic and infrastructure code, so keeping them private protects both intellectual property and security.

By sharing the Plasmo build, we provide full transparency into what’s shipped to users while sensibly separating out non-essential, internal modules. If you’d like to audit the build, you can even paste it into ChatGPT for a line-by-line review: https://chatgpt.com/c/684bb27d-5ebc-8003-acb5-58f730904425


2. Why We Request Each Permission

| Chrome Permission | What We Use It For | Your Benefit |
| --- | --- | --- |
| storage | Keeps your labels, watch‑lists, and UI preferences locally—nothing goes to our servers. | Your settings persist between sessions. |
| scripting | Injects tiny scripts that draw overlays on supported sites. | See wallet labels, fee‑cut indicators, etc. |
| sidePanel | Renders the Frontrun control panel. | Manage features in one click. |
| webRequest | Caches API calls and throttles network traffic. | Faster page loads & lower data usage. |
| windows | Opens pop‑ups for settings and onboarding. | Clean UX without cluttering new tabs. |
| identity (optional) | OAuth sign‑in only if you choose to sync settings across devices. | Seamless experience from laptop to desktop. |

Note: This list is a strict subset of the permissions requested by most Web3 wallets (e.g., Phantom wallet).
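A deterministic complement to the LLM review in section 1, as an added example (not Frontrun's code): a Node.js check that compares the permissions a manifest requests with the six listed in the table above and reports which hosts its content scripts run on. The SAMPLE manifest, its placeholder domains and the function names are constructed for illustration; to audit the real extension, pass in the parsed manifest.json from the published build instead.

```javascript
// Added example, not Frontrun's code: audit an MV3 manifest against this page's permission list.
const DOCUMENTED = new Set(["storage", "scripting", "sidePanel", "webRequest", "windows", "identity"]);

// Constructed sample manifest (placeholder domains). clipboardRead and <all_urls> are
// included on purpose so the audit has something to flag.
const SAMPLE = {
  manifest_version: 3,
  permissions: ["storage", "scripting", "sidePanel", "webRequest", "windows", "clipboardRead"],
  optional_permissions: ["identity"],
  host_permissions: ["https://*.example.com/*"],
  content_scripts: [
    { matches: ["https://*.example.com/*", "https://app.example.org/*"], js: ["overlay.js"] },
    { matches: ["<all_urls>"], js: ["labels.js"] },
  ],
};

// Extract the host part of a match pattern such as "https://*.example.com/*".
function hostOf(pattern) {
  if (pattern === "<all_urls>") return "<all_urls>";
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : `unparsed:${pattern}`;
}

function auditManifest(manifest, documented = DOCUMENTED) {
  const requested = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  const hostPatterns = [...(manifest.host_permissions || []), ...(manifest.optional_host_permissions || [])];
  const scriptHosts = new Set();
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) scriptHosts.add(hostOf(p));
  const allHosts = [...new Set([...hostPatterns.map(hostOf), ...scriptHosts])].sort();
  return {
    manifestVersion: manifest.manifest_version,
    // Requested by the manifest but absent from the documented list: needs an explanation.
    undocumented: requested.filter((p) => !documented.has(p)).sort(),
    // Documented but not requested: the page and the build have drifted apart.
    unused: [...documented].filter((p) => !requested.includes(p)).sort(),
    contentScriptHosts: [...scriptHosts].sort(),
    // Patterns that cover every site rather than a fixed allow-list of domains.
    broadHosts: allHosts.filter((h) => h === "<all_urls>" || h === "*" || h === ""),
  };
}

console.log(auditManifest(SAMPLE));
```

An empty `undocumented` list, an empty `broadHosts` list, and a `contentScriptHosts` list that matches the supported sites is the result consistent with the claims on this page.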


3. Your Security, Front and Center

| ✅ What We Do NOT Collect | 🛡️ What We Do for Safety |
| --- | --- |
| Private keys or seed phrases | Open‑sourced the shipped build for public scrutiny |
| Clipboard data (no read/write access) | Run all logic client‑side—no keystrokes or browsing history sent to us |
| Hidden background crypto‑miners | Use battle‑tested libraries and standard MV3 architecture |

4. Still Have Questions?

Join our Telegram group or open a GitHub issue. We’ll walk you through the code, permissions, or architecture in real time.

Frontrun is built by traders, for traders—with privacy and security baked in from day one.
