Security
Chisino is built with security as a top priority. Every outcome is provably fair, and all smart contracts follow industry best practices.
Provably Fair Randomness
Cryptographic verification ensures every outcome is tamper-proof.
All scratch card outcomes are determined by Goldsky VRF (Verifiable Random Function), with a planned upgrade to MegaETH's native VRF for deeper chain-level integration.
Neither participants nor the contracts can predict or influence outcomes
Participants, contract owners, or validators cannot tamper with the randomness
Anyone can verify that outcomes match the VRF proof on-chain
Smart Contract Security
Built on battle-tested frameworks with defense-in-depth patterns.
The contracts are built on battle-tested OpenZeppelin contracts for ERC-20, ERC-721, AccessControl, ReentrancyGuard, and Pausable patterns.
They are written in a recent stable Solidity version with built-in overflow protection and modern language features.
| Pattern | Protection |
|---|---|
| ReentrancyGuard | Prevents reentrancy attacks on state-changing functions |
| AccessControl | Role-based permissions for admin functions |
| Pausable | Emergency pause capability on Prize Pool |
| SafeERC20 | Safe token transfer handling |
Audit Status
Third-party security reviews and their current progress.
Audit information will be published here prior to mainnet launch. All audit reports will be made publicly available.
Protocol Risks
Known risks participants should understand before interacting with the protocol.
Participation in Chisino involves risks. This is not an exhaustive list. Participants should consult their own legal and financial advisors.
Recovery timelines and fee distributions depend on yield rates from external protocols, which fluctuate based on market conditions. No specific yield rates, recovery timelines, or distribution amounts are promised.
Despite security best practices and audits, smart contract vulnerabilities can never be fully eliminated. A bug or exploit in Chisino contracts or underlying yield source contracts could result in loss of funds.
Outcome determination depends on VRF provider availability. The protocol plans to migrate to MegaETH's native VRF for deeper chain-level integration.
pUSD is backed by stablecoins on MegaETH. Depeg events in underlying stablecoins would affect the protocol.
Deposited capital is deployed to external yield strategies, which carry their own smart contract and economic risks.
The regulatory treatment of onchain protocols varies by jurisdiction. Participants are responsible for understanding and complying with laws applicable in their jurisdiction.
Ticket recovery depends on yield generation. If yield sources underperform, are exploited, or become unavailable, recovery may be delayed or incomplete. The $0.05 protocol fee per play is not recoverable.
User Security Tips
Best practices to keep your wallet and funds safe.
Always verify you're interacting with official Chisino contracts
Access Chisino only through the official website and social channels
Chisino will never ask for your seed phrase or private keys
Always review what you're signing in your wallet before approving
Responsible Disclosure
How to report security vulnerabilities safely and responsibly.
Found a security vulnerability? We appreciate responsible disclosure. Please report security issues to our team through official channels.
Never exploit vulnerabilities. Report them responsibly to protect users and the protocol.