Security Audit

Transparency is not optional.

Current Status

Chain Hold'em has undergone internal security review covering the smart contract, backend API, frontend, infrastructure, and key management. A formal third-party audit by a recognized firm (Trail of Bits, OpenZeppelin, Spearbit, or equivalent) is planned before public launch.

Smart Contract

The ChainHoldemVault contract is deployed on Base mainnet and verified on BaseScan. The source code is readable by anyone:

View verified source on BaseScan →

Key Security Properties

  • Zero-sum settlement — Every batch settlement enforces that gains + losses + rake = 0. The signer cannot create money.
  • Per-delta cap — No single player can gain or lose more than 100 USDC per hand (configurable by owner).
  • Pausable — The owner can freeze all operations in an emergency.
  • Ownable2Step — Ownership transfer requires explicit acceptance, preventing accidental lockout.
  • Non-custodial — Users deposit and withdraw directly. No intermediary holds funds.
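How the first two properties can be enforced inside a batch settlement function, as an added illustration written for this page rather than the ChainHoldemVault source (contract and function names, error names and the 6-decimal USDC units are assumptions; signer authentication and pausing are left out to keep the invariants in view):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative only: enforces the zero-sum and per-delta-cap invariants
/// described on this page. Not the deployed ChainHoldemVault contract.
contract SettlementInvariantsExample {
    int256 public constant ONE_USDC = 1e6;          // USDC has 6 decimals (assumed)
    int256 public maxAbsDelta = 100 * ONE_USDC;     // per-hand cap, owner-configurable
    address public immutable owner;
    uint256 public houseBalance;                    // accumulated rake
    mapping(address => uint256) public balances;

    error NotOwner();
    error DeltaExceedsCap(address player, int256 delta);
    error NotZeroSum(int256 net);
    error InsufficientBalance(address player);

    constructor() { owner = msg.sender; }

    function setMaxAbsDelta(int256 newCap) external {
        if (msg.sender != owner) revert NotOwner();
        maxAbsDelta = newCap;
    }

    /// Apply one hand's per-player deltas plus the house rake.
    /// Invariant checked before any state change: sum(deltas) + rake == 0.
    function settle(address[] calldata players, int256[] calldata deltas, int256 rake) external {
        require(players.length == deltas.length, "length mismatch");
        require(rake >= 0, "negative rake");
        int256 net = rake;
        for (uint256 i = 0; i < deltas.length; i++) {
            int256 d = deltas[i];
            // Per-delta cap: no single gain or loss may exceed the cap.
            if (d > maxAbsDelta || d < -maxAbsDelta) revert DeltaExceedsCap(players[i], d);
            net += d;
        }
        // Zero-sum: the signer cannot create or destroy value in a batch.
        if (net != 0) revert NotZeroSum(net);
        // Balances are touched only after both checks pass.
        for (uint256 i = 0; i < players.length; i++) {
            int256 d = deltas[i];
            if (d < 0) {
                uint256 loss = uint256(-d);
                if (balances[players[i]] < loss) revert InsufficientBalance(players[i]);
                balances[players[i]] -= loss;
            } else {
                balances[players[i]] += uint256(d);
            }
        }
        houseBalance += uint256(rake);
    }
}
```

A batch such as deltas `[+50e6, -60e6]` with rake `10e6` passes both checks, while `[+150e6, -150e6]` with rake `0` is rejected by the cap and `[+50e6, -50e6]` with rake `10e6` is rejected as non-zero-sum.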

Test Coverage

The contract has 58 Foundry tests covering deposits, withdrawals, settlements, access control, reentrancy protection, signature validation, and soft-launch controls. Branch coverage on the vault contract is 100%.

Report a Vulnerability

If you discover a security issue, please report it responsibly to [email protected]. We commit to acknowledging reports within 48 hours.