SOST OTC / P2P — Community Board (Non-Custodial)

// COMMUNITY OTC / P2P BOARD LIVE

The active community discussion board for SOST OTC / P2P talk lives inside SOST Talk. Users post voluntary offers (such as WTB 100 SOST / WTS 50 SOST) and coordinate trades among themselves. SOST Protocol does not intermediate, custody, or escrow any trade posted there. Use small test transactions and verify all addresses independently.

SOST Protocol does NOT intermediate trades.
SOST Protocol does NOT custody funds.
SOST Protocol does NOT provide escrow.
SOST Protocol does NOT guarantee buyers, sellers, price, liquidity, settlement, or safety.
Admins never DM first. Anyone claiming "official escrow" or "guaranteed buyer/seller" is a scam.
Report suspicious messages; use small test transactions first.

// THREE RULES THAT STOP MOST OTC SCAMS

Screenshots are NOT proof of payment. A screenshot the counterparty sends you can be edited, faked, or come from a different account. Until the money is in your bank or wallet, you have not been paid.
Verify funds DIRECTLY in your bank or wallet — log in and check the balance/transaction yourself. Do NOT trust SMS notifications, email alerts, or push notifications alone (they can be spoofed and they lag the actual settlement).
Beware payment methods with chargeback risk. Wait the FULL clearing window before releasing SOST:
- PayPal Friends & Family — reversible up to 180 days. Treat as unsafe for OTC.
- SEPA / instant bank transfer — can be reversed up to 8 weeks (recall, fraud dispute). Wait the period or take the risk.
- Wise / Revolut instant transfer — can be reversed if the sender claims fraud.
- Cash in person — irreversible. Safest fiat method for OTC.
- USDC / USDT settled on-chain — irreversible after confirmations. Safest crypto-vs-crypto method.

Open SOST Talk → OTC / P2P Board Community Rules

// PATTERN RECOGNITION

Scammer vs Honest Counterparty

Quick visual reference. If your counterparty is doing things in the left column, stop the trade.

⚠ SCAMMER BEHAVIOUR

Sends a screenshot of payment and pressures you to release SOST immediately.
Wants to move chat to Telegram / Signal / WhatsApp / DM right away.
Claims "I'm verified", "I'm an admin", "I work with SOST".
Asks YOU to send SOST first — "I'll send the payment after".
Uses urgency: "release fast", "order is about to expire", "hurry up please".
Offers a price MUCH better than market (red flag by itself).
Pays via PayPal F&F or instant SEPA and tells you "you can release now, it's settled".
Claims an "official SOST escrow" exists. (There is none.)

✓ HONEST COUNTERPARTY

Tells you they paid and lets you verify in your bank/wallet at your pace.
Continues talking in the public OTC / P2P Board chat (no rush to leave).
Makes no "official" claims; presents the trade on equal footing.
Agrees to a small test transaction first OR a mutually-trusted third-party escrow.
Respects the chargeback clearing window for the chosen payment method.
Offers a price close to the prevailing market.
Uses irreversible settlement (cash in person, on-chain USDC/USDT with confirmations).
Acknowledges that SOST Protocol does not intermediate or escrow.

// WHY NON-CUSTODIAL

Why SOST does not intervene in OTC trades

The non-custodial model is not a limitation we plan to "fix" with automation. It is a deliberate design choice that protects both the user and the protocol. Here is the full reasoning, in plain language.

The line, in one sentence:
The moment SOST holds funds, verifies payments, decides disputes, or matches counterparties, SOST stops being a community board and becomes a regulated financial intermediary — with licensing obligations, custodial liability, and personal exposure for the operator.

✓ WHAT SOST IS TODAY (non-custodial board)

A discussion room where users post voluntary offers (WTB / WTS).
SOST never holds, transfers, escrows, or matches funds.
Trades happen entirely between users, off-platform.
Legally analogous to a classified-ads board (Wallapop / Craigslist / Milanuncios).
No money-transmitter license required because no money is transmitted by SOST.
No KYC required because SOST does not custody user identity or funds.
If two users defraud each other, it is between them. SOST has no legal liability.

⚠ WHAT SOST WOULD BECOME (regulated intermediary)

If SOST holds SOST until payment confirmed = escrow service = custodian.
If SOST verifies payment landed = payment processor / money transmitter.
If SOST decides disputes = quasi-judicial / arbitration body.
If SOST matches buyers/sellers automatically = exchange.
Each of these triggers different licensing regimes (EU MiCA, US MSB + state-by-state MTL, FinCEN registration, FATF travel rule, AML compliance officer).
Mandatory KYC of every user. Personal data custody. Sanctions screening.
Compliance cost: typically $200k-$500k/year minimum, plus legal counsel.
Operator (the human running the protocol) is personally liable for lost funds, hacked balances, sanctioned transactions, missed reports.

// WHY NON-CUSTODIAL PROTECTS YOU (the user)

No honeypot. SOST holds zero user funds. A hack of sostcore.com cannot drain anyone's balance because the site has nothing to drain. Custodial exchanges (Mt. Gox, FTX, QuadrigaCX, hundreds of others) lost user funds because they HAD funds to lose.
No frozen accounts. SOST cannot freeze your funds because SOST never had them. Your SOST balance lives in your own wallet, controlled by your own private key.
No mandatory KYC. You can use the OTC board with a pseudonym. SOST has no identity database to leak.
No third-party risk you didn't choose. You pick your counterparty, your payment method, your verification process. You are not depending on SOST's solvency, security practices, or legal status.

// WHY NON-CUSTODIAL PROTECTS THE PROTOCOL

Regulatory survival. The protocol cannot be shut down for unlicensed money transmission because it transmits no money. The compliance regime that closes most crypto P2P services simply does not apply.
No single point of legal failure. Regulators cannot serve a takedown order for funds that SOST never holds. The operator cannot be jailed for "facilitating" a transaction they had no part in.
Bankruptcy-remote by design. If sostcore.com goes offline, the chain keeps running and user funds keep working because they were never in sostcore.com's custody.
Forkability. Anyone can run an independent SOST node + their own community board. The protocol does not depend on the operator's legal continuity.

✓ WHAT SOST CAN DO (and does) against fraud

The non-custodial model does not mean "do nothing". It means "arm the user, do not intervene". SOST does:

SOST Sentinel — an automated chat moderation bot that flags messages matching known scam patterns (release-first, hurry-up, move-to-DM, screenshot-as-proof, fake admin claims, advance-fee fraud, screen-share scams, multi-buyer pressure, fake-merchant claims). Sentinel warns; Sentinel does not seize funds, decide disputes, or block trades.
Pre-trade safety checklist — shown once per browser when the user first opens the OTC room. Six items the user must acknowledge before posting.
Three tactical rules — screenshots are not proof, verify funds directly in your bank/wallet, beware chargeback methods. Repeated in the safety banner every time the OTC room is open.
Scammer-vs-honest counterparty table — pattern recognition reference. If your counterparty matches the left column, stop the trade.
Annotated real-scam examples (below) — concrete conversation transcripts with red-flag annotations so users can see what an attack looks like in practice.
Community OTC Reputation room — opt-in space where users share experiences with past counterparties. SOST does NOT verify these claims. Reputation in a non-custodial board is community-curated, not platform-attested.

⚠ WHAT SOST CANNOT DO (and will not add, ever)

Escrow of SOST on-platform — would make SOST a custodian.
Automated payment verification — would make SOST a payment processor.
Dispute resolution / arbitration — would make SOST a quasi-judicial body.
Auto-matching of buyers and sellers + execution — would make SOST an exchange.
"Verified Merchant" / "Trusted Trader" badges issued by SOST — would make SOST liable for the verification.
Insurance fund / chargeback guarantee — implies custody and reserve management.

Every item above looks user-friendly. Every item above is the trip-wire that has shut down or sanctioned P2P platforms in the past. The non-custodial line is the protection.

Precedents — the largest P2P boards run on the same model. Bisq (decentralized, non-custodial escrow via 2-of-2 multisig, no central operator), Hodl Hodl (non-custodial, multisig escrow, no platform custody), AgoraDesk (non-custodial, P2P only, no platform funds), LocalCoinSwap (non-custodial wallet model), and the historic LocalBitcoins model (operator-managed escrow + KYC) which ultimately closed in 2023 after the regulatory weight became unmanageable. The pattern is clear: non-custodial survives, custodial-without-licenses gets shut down.

// V14 ROADMAP · SUPPORTED ASSETS

Atomic Swap V14 — 7 supported asset pairs

⚠ DISABLED — CODE UNDER REVIEW

The SOST-side HTLC consensus, wallet helpers, RPC, and CLI for atomic swaps are code-complete and tested on a candidate branch, but NOT active. The activation height constant ATOMIC_SWAP_HTLC_ACTIVATION_HEIGHT stays at INT64_MAX (sentinel OFF) until counterparty integrations (Phase 4) ship and external cryptographic review (Phase 5) signs off. Target activation: V14 / block 15,000.

✓ CATEGORY A — TRUST-MINIMIZED

SOST ↔ BTC

Bitcoin Script HTLC (P2WSH or Taproot). SHA-256 hashlock. CLTV timeout. No issuer.

SOST ↔ ETH

EVM HTLC contract on Ethereum mainnet. SHA-256 precompile. Block-number timeout. No issuer.

SOST ↔ BNB

Same EVM contract redeployed on BNB Chain. BNB itself is not issuer-freezable. Chain-governance caveat: BNB Chain is operated by Binance.

⚠ CATEGORY B — ISSUER-RISK (NOT FULLY ATOMIC)

These four assets use the SAME cryptographic HTLC mechanism as Category A, but the underlying token can be frozen by its issuer at any time. If the issuer freezes the counterparty side mid-swap, the SOST side can still refund (cryptographic atomicity holds) but the counterparty side becomes uncollectible until (or unless) the issuer manually unfreezes.

Use small amounts. For larger amounts prefer Category A (SOST ↔ BTC / ETH / BNB).

SOST ↔ USDT

ERC-20 (Ethereum/Tron). Tether Limited can freeze any USDT address.

SOST ↔ USDC

ERC-20 (Ethereum). Circle operates an active blacklist and has frozen funds under sanction/court orders.

SOST ↔ PAXG

Paxos Gold ERC-20. Paxos can freeze any PAXG address. Underlying physical gold custodied by Paxos.

SOST ↔ XAUT

Tether Gold ERC-20. TG Commodities can freeze any XAUT address. Physical gold custody risk.

Button intentionally disabled. Gate is INT64_MAX (sentinel OFF). See docs/reviews/ATOMIC_SWAP_PRE_ACTIVATION_REVIEW.md.

// PRE-ACTIVATION CHECKLIST

✓ HTLC_LOCK structural validation (R17) — DONE
✓ HTLC_CLAIM_WITNESS marker (R18) — DONE
✓ HTLC_CLAIM validation rules (R19-R22) — DONE
✓ HTLC_REFUND validation rules (R23-R24) — DONE
✓ Wallet/RPC/CLI scaffolding (gated) — DONE
□ Phase 4A: Bitcoin Script HTLC builder — PENDING
□ Phase 4B: EVM Solidity HTLC contract — PENDING
□ Phase 4C: cross-chain coordinator state machine — PENDING
□ Phase 5: external cryptographic + economic review — PENDING
□ Re-flip gate INT64_MAX → V14_HEIGHT — PENDING (only after all of the above are GREEN)

// V14 ROADMAP · INTERACTIVE WIZARD · PREVIEW ONLY

Atomic Swap wizard — 6-step flow preview

⚠ MAINNET NOT ACTIVE PRIVATE BETA · TESTNET ONLY PREVIEW MODE · ALL ACTIONS DISABLED

The wizard below shows what a SOST ↔ counterparty atomic swap will look like once the BTC signing backend (Phase 4A-2 / libwally vendoring), the EVM contract hardening (Phase 4D), and the external cryptographic + economic review (Phase 5) are all green. Until then, every action button is intentionally disabled. The wizard exists so operators can see the full flow, the asset-specific warnings, and the recovery options BEFORE the system goes live, not after.

Choose the asset pair

Select the counterparty asset. SOST is always one leg. The other leg determines the cryptographic guarantees and the residual risks.

BTC

Cryptographically trust-minimized. Wait for 6+ confirmations on Bitcoin. No issuer can freeze BTC.

ETH / BNB

Trust-minimized for native coin. The HTLC contract is verifiable on-chain; review its source before depositing.

USDT / USDC

The issuer (Tether / Circle) can freeze ANY address at any time. If your counterparty's address is frozen mid-swap, the SOST side can still refund but the stablecoin side becomes uncollectible.

PAXG / XAUT

Same freeze risk as USDT/USDC PLUS physical gold custody risk at the issuer. Use small amounts.

Generate the swap secret

Your wallet generates a 32-byte random secret (the preimage) and computes its SHA-256 hash (the hashlock). The hashlock is shared with the counterparty; the preimage is kept private and revealed only at claim time. Anyone who learns the preimage can claim the SOST side — treat it like a private key.

No keys are generated in preview mode.

Create the SOST lock (HTLC)

Your wallet builds and broadcasts a SOST OUT_HTLC_LOCK output committing your SOST to the hashlock, with a refund window that opens at the height specified by your timeout-discipline rule (Initiator: refund opens LAST; Responder: refund opens FIRST). The lock is on-chain and visible to anyone; the counterparty verifies it before locking their side.

$ sost-cli htlc-lock --amount 100 --hashlock 0x<hex> --refund-height <N> --claim-address <cp_addr>

Verify the counterparty lock

The counterparty locks their side (BTC P2WSH, EVM HTLC contract, or stablecoin lock inside the EVM contract). Your wallet observes the counterparty chain, confirms the lock uses the same hashlock you generated, verifies the lock amount matches, and waits for the configured number of confirmations on that chain (e.g. 6 for BTC). The wizard surfaces a yellow status until your wallet has BOTH locks confirmed.

SOST LOCK: status — waiting for confirmations (preview)

COUNTERPARTY LOCK: status — waiting for confirmations (preview)

Reveal the preimage and claim

Once both locks are confirmed, you claim the COUNTERPARTY side first (revealing the preimage on their chain). The counterparty then uses that revealed preimage to claim the SOST side. Order matters: as the initiator you claim FIRST so the counterparty sees the preimage in time; as the responder you claim SECOND so you do not give away the preimage before getting your funds.

$ sost-cli htlc-claim --lock-txid <txid> --preimage 0x<hex> --destination <your_addr>

Refund if anything goes wrong

If the counterparty disappears, refuses to claim, or their side gets frozen by an issuer (USDT/USDC/PAXG/XAUT), you wait for your refund window to open and then broadcast a refund transaction. The cryptographic guarantee is: you cannot lose your SOST — either the swap completes (you claim the counterparty side) or you refund (you get your SOST back unchanged). The counterparty has the same property for their side. The wizard surfaces a countdown to your refund window opening so you know when refund becomes available.

$ sost-cli htlc-refund --lock-txid <txid> --destination <your_addr>

// WHEN DO THE BUTTONS UNLOCK?

Phase 4A-2 — libwally-core vendored, BIP-143 / BIP-173 / BIP-350 / P2WSH test vectors all green (currently 7 / 27 green; the rest are PENDING per docs/design/ATOMIC_SWAP_BTC_TEST_VECTOR_GAP.md).
Phase 4D — EVM HTLC contract hardened with the full Phase D test set (currently 29 baseline Foundry tests passing; +10 hardening tests pending per docs/design/ATOMIC_SWAP_EVM_HARDENING_STOP_REPORT.md).
Phase 4E — end-to-end testnet swaps SOST ↔ BTC testnet AND SOST ↔ Sepolia ETH AND SOST ↔ Sepolia ERC-20 (PENDING).
Phase 5 — external cryptographic + economic + smart-contract audit. The activation height stays at INT64_MAX until the auditor signs off in writing.
Activation PR — flips ATOMIC_SWAP_HTLC_ACTIVATION_HEIGHT from INT64_MAX to V14_HEIGHT AND SOST_BTC_HTLC_SIGNING from OFF to ON in coordinated commits. Both flips need audit evidence.

Until every item above is GREEN, this section stays a preview. There is no admin override, no manual unlock, no escrow operator. The buttons above unlock only when the protocol does — not when a UI flag is flipped.

// LEARN BY EXAMPLE

Real scam examples

Anonymized transcripts of actual scam attempts seen on similar P2P boards. Red annotations point at the moment the user should have stopped the trade. Read these before your first OTC trade.

EXAMPLE 1 — The screenshot scam

SELLER (you): Hi, I have 500 SOST listed at 0.0001 BTC each.

BUYER: Great, I'll take all 500. Send BTC to bc1q...?

SELLER: Yes, my BTC address is bc1q.... Please confirm when sent.

BUYER: Sent! Here's the screenshot. [image: blockchain explorer showing 0.05 BTC] Please release my SOST now, I have another trade waiting. <- RED FLAG #1: pressure + screenshot

SELLER: Let me check.

BUYER: Hurry please, my other trade expires in 5 min. <- RED FLAG #2: urgency

⚠ WHAT WENT WRONG

The screenshot was either edited or showed a transaction to a different address. The seller logged into their wallet directly and saw no incoming transaction. The buyer kept pressuring until the seller realized the scam and stopped.
The rule that would have stopped this: never release SOST based on a screenshot. Verify the transaction directly in your wallet / blockchain explorer using the txid you control.

EXAMPLE 2 — The move-to-DM + fake admin

BUYER (you): WTB 200 SOST at 0.0001 BTC each, paying USDT TRC20.

SELLER: Hi, I have 200 SOST. Let's move to Telegram to coordinate faster. @sost_admin_official <- RED FLAG #1: move-to-DM + impersonates official handle

BUYER: OK (messages on Telegram)

SELLER (Telegram): I'm a SOST official seller, I have inventory at warehouse. Send USDT to TXkS..., I release SOST through the official SOST escrow. <- RED FLAG #2: claims "official SOST escrow" (there is none)

⚠ WHAT WENT WRONG

Two compounding lies. First, the seller moved the chat off-platform to escape Sentinel (which would have flagged the false-admin claim). Second, the seller invented an "official SOST escrow" that does not exist. The buyer sent USDT to the seller's address and never received SOST.
The rule that would have stopped this: SOST admins never DM first. There is no "official SOST escrow". The only official SOST channels are the public website, the public BitcoinTalk thread, and the public SOST Talk rooms. Anyone who initiates contact via DM claiming to be official is a scammer.

EXAMPLE 3 — The advance-fee / "activation fee" scam

BUYER (you): Interested in your offer for 1000 SOST.

SELLER: I have 1000 SOST locked in the SOST official escrow. To release them, you need to pay a 0.005 BTC activation fee first. Once paid, the escrow releases automatically. <- RED FLAG: pay something small first to unlock something bigger = advance-fee fraud

BUYER: That doesn't sound right.

SELLER: It's the standard SOST procedure, you can verify with the admin. <- compounds with fake-admin reference

⚠ WHAT WENT WRONG

Classic 419-style advance-fee fraud, adapted to crypto. The "activation fee", "escrow unlock fee", "tax fee", "processing fee" do not exist. There is no SOST escrow. The buyer would have lost the 0.005 BTC and received nothing.
The rule that would have stopped this: SOST has no fees, no escrow, no "procedure" that requires you to pay first to unlock anything. Anyone asking for an up-front fee to release a trade is running an advance-fee scam.

EXAMPLE 4 — Wallet-verification phishing

SCAMMER (DM to you): Hi, I'm from SOST support. To trade on the OTC board you need to verify your wallet first. Please visit sost-verify[.]net/wallet and connect your wallet. <- RED FLAG #1: SOST admins never DM first, lookalike domain

SCAMMER: If you don't verify, your wallet will be flagged and you won't be able to receive SOST. <- RED FLAG #2: fake threat, no such system exists

⚠ WHAT WENT WRONG

The lookalike site (sost-verify[.]net instead of sostcore.com) is a phishing page that asks for the wallet seed phrase or private key under the guise of "verification". The user's wallet gets drained the moment the seed is entered.
The rule that would have stopped this: the ONLY official SOST domain is sostcore.com. Any other domain that looks SOST-related is a scam. NO legitimate process EVER asks for your seed phrase or private key. There is no "wallet verification" system on SOST.

⚠ IF YOU HAVE BEEN SCAMMED

SOST cannot recover funds because SOST never held them. What you can still do, in order:

If you sent fiat by reversible method (PayPal F&F, SEPA, Wise, Revolut, credit card): contact your bank / payment provider IMMEDIATELY and file a fraud reversal. The clearing windows (PayPal F&F up to 180 days, SEPA up to 8 weeks) work in your favour here.
If you sent crypto on-chain: the transaction is irreversible. Document the scammer's address, the txid, the conversation logs, and report to chain-analytics providers (Chainalysis, Elliptic) who may flag the address for exchanges.
If you entered a seed phrase or private key into a phishing site: assume the wallet is fully compromised. Move any remaining funds to a brand-new wallet (new seed) immediately. The old wallet is permanently unsafe.
Report the scammer in the OTC / P2P Board chat using the report button. The Sentinel bot logs the offender. Share the lesson in the OTC Reputation room (community-curated, unverified) so others know.
File a police report in your jurisdiction. Crypto fraud is increasingly investigated. Your report adds to the pattern.
Do NOT pay any "recovery agent" / "fund-recovery service" that contacts you afterwards. That is a follow-up scam — they take a fee and recover nothing.