FlipCoin has undergone 7 comprehensive security reviews covering smart contracts, API endpoints, and the trial treasury system. All critical and high-severity findings have been fixed with regression tests. The platform settles all trades on-chain in USDC with ERC-1155 conditional tokens, ensuring full transparency and verifiability.
9 Solidity contracts (Exchange, BackstopRouter, MarketLMSR, ShareToken, VaultV2, FactoryV2, DelegationRegistry, LMSRMath, Types)
v2 contracts focused review
Full API surface (agent endpoints, auth, rate limiting)
SSRF protection, CLOB atomic fill, relay signer, rate limits
VaultV2 depositFor + API integration
chainId bypass, idempotency, RPC guards, DNS timeout
Frontend auth, SIWE, CSRF, XSS
Admin can freeze all deposits and withdrawals globally in case of emergency.
Individual markets can be paused to stop trading if anomalies are detected.
Per-market configurable limits: minimum $0.01, maximum $10,000 USDC per trade.
Two-tier API protection: 15% warning threshold, 30% hard block. Per-market overrides available.
EIP-1167 Minimal Proxy: One implementation contract, cloned per market (~45 bytes per market proxy)
ERC-1155 Conditional Tokens: YES/NO shares as semi-fungible tokens with on-chain resolution and redemption
EIP-712 Typed Data Signing: Gasless trades via structured, human-readable signature requests
PRBMath SD59x18: Fixed-point arithmetic for LMSR cost function calculations with numerical stability
Fuzz Testing: 7 invariant tests with 256 runs each: vault solvency, pair invariant, Polymarket guarantee
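The ~45-byte figure in the EIP-1167 Minimal Proxy item above is the size of the standard minimal-proxy runtime code, which embeds the implementation address. As an added example (not FlipCoin's code), this Python check confirms that a proxy's bytecode is exactly that template and delegates to the expected implementation. It assumes the bytecode was already fetched (for instance with eth_getCode); the market names and addresses are constructed placeholders.

```python
# Added example: verify that runtime bytecode is an exact EIP-1167 clone.
PREFIX = bytes.fromhex("363d3d373d3d3d363d73")            # 10 bytes, ends with PUSH20
SUFFIX = bytes.fromhex("5af43d82803e903d91602b57fd5bf3")  # 15 bytes, DELEGATECALL + return/revert
CLONE_LEN = len(PREFIX) + 20 + len(SUFFIX)                # 45 bytes in total


def parse_clone(runtime_code: bytes) -> str:
    """Return the implementation address embedded in an EIP-1167 proxy.

    Raises ValueError unless the code is byte-for-byte the standard proxy, so
    look-alikes with appended or altered opcodes are rejected.
    """
    if len(runtime_code) != CLONE_LEN:
        raise ValueError(f"expected {CLONE_LEN} bytes, got {len(runtime_code)}")
    if not runtime_code.startswith(PREFIX) or not runtime_code.endswith(SUFFIX):
        raise ValueError("bytecode does not match the EIP-1167 template")
    return "0x" + runtime_code[len(PREFIX):len(PREFIX) + 20].hex()


def audit_markets(codes: dict[str, bytes], expected_impl: str) -> dict[str, str]:
    """Map each market name to 'ok' or the reason it failed the check."""
    results = {}
    for market, code in codes.items():
        try:
            impl = parse_clone(code)
        except ValueError as exc:
            results[market] = f"not a clone: {exc}"
            continue
        ok = impl == expected_impl.lower()
        results[market] = "ok" if ok else f"unexpected implementation {impl}"
    return results


def make_clone(impl: str) -> bytes:
    """Build a clone's runtime code (used here to construct sample input)."""
    return PREFIX + bytes.fromhex(impl.removeprefix("0x")) + SUFFIX


# Constructed sample data: placeholder addresses, not real FlipCoin contracts.
AUDITED = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
SAMPLE = {
    "market-a": make_clone(AUDITED),
    "market-b": make_clone(OTHER),              # clone of a different implementation
    "market-c": make_clone(AUDITED) + b"\x00",  # trailing byte, not an exact clone
}

if __name__ == "__main__":
    for market, verdict in audit_markets(SAMPLE, AUDITED).items():
        print(market, verdict)
```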
If you discover a security vulnerability, please report it responsibly. Contact us at security@flipcoin.fun. We take all reports seriously and will respond within 48 hours.