Security

How we keep your funds safe.

Self-Custody

Your funds are yours. The contract holds deposits, but only you can withdraw.

No admin can:

Take your funds
Freeze your account
Prevent withdrawals

Smart Contract Security

Verified Code

Contract source is verified on MonadVision. Read it yourself.

0xB55bf66Ba4eE488Cedb5EE49bfe4Edaf2F54b022

UUPS Proxy

Upgrades are possible but controlled:

3-of-5 multisig required
48-hour timelock
Public announcement before execution

Reentrancy Protection

All external calls follow checks-effects-interactions. State updates before transfers.

Access Controls

modifier onlyOwner() {
    require(msg.sender == owner, "Not owner");
    _;
}

Critical functions restricted to multisig.

Known Risks

Smart Contract Risk

All DeFi has contract risk. Bugs can cause loss of funds. Only deposit what you can afford to lose.

Oracle Risk

Resolution depends on correct proposals and challenges. Malicious actors could propose wrong outcomes. The bond system deters this but doesn't eliminate it.

AMM Slippage

Large trades move prices. You might get worse execution than expected. Always check the quote before confirming.

Upgrade Risk

Contract can be upgraded. Malicious upgrades could theoretically steal funds. Mitigated by multisig + timelock + public signers.

USDC Allowances

When you deposit, you approve USDC spending.

Best practice:

Approve exact amount, not unlimited
Revoke approval after withdrawing if concerned

Check allowances at revoke.cash.

Challenge Window Edge Cases

Window Expiry

If you miss the challenge window, wrong outcomes can finalize. Set reminders for markets you care about.

Timeout Griefing

Theoretically someone could keep challenging to delay resolution. Bond escalation makes this expensive. After 7 days, market voids.

Recommendations

Start small — Test with small amounts first
Verify addresses — Always check you're on the right contract
Monitor positions — Watch for resolution proposals
Diversify — Don't put everything in one market
Understand the risks — Read this page before depositing

Reporting Issues

Found a bug? Security vulnerability?

Contact: [email protected]

Responsible disclosure appreciated. Bounties available for critical issues.

PreviousFAQ NextChangelog

Last updated 1 month ago

Good evening

hashtagSelf-Custody

hashtagSmart Contract Security

hashtagVerified Code

hashtagUUPS Proxy

hashtagReentrancy Protection

hashtagAccess Controls

hashtagKnown Risks

hashtagSmart Contract Risk

hashtagOracle Risk

hashtagAMM Slippage

hashtagUpgrade Risk

hashtagUSDC Allowances

hashtagChallenge Window Edge Cases

hashtagWindow Expiry

hashtagTimeout Griefing

hashtagRecommendations

hashtagReporting Issues