Security
Hypercall is committed to building a secure trading platform. As we progress toward mainnet, security is a core focus at every stage of development.
Current Status
Hypercall is currently in testnet. Smart contracts and backend systems are under active development and have not yet undergone formal security audits.
Do not deposit real funds. Testnet uses test tokens only.
Pre-Mainnet Security Plan
Before mainnet launch, we will complete:
- Smart Contract Audits - Independent security audits of all on-chain contracts
- Penetration Testing - Third-party security assessment of API and infrastructure
- Bug Bounty Program - Public program to incentivize responsible disclosure
- Formal Verification - Where applicable, formal verification of critical contract logic
Audit reports will be published here upon completion.
Architecture Security
Hypercall's hybrid architecture separates concerns:
| Component | Security Model |
|---|---|
| Smart Contracts | On-chain, auditable, upgradeable via timelock |
| Matching Engine | Off-chain, cryptographically signed actions |
| Settlement | On-chain finality, margin root verification |
| Custody | Non-custodial, user-controlled accounts |
See Architecture for details.
Reporting Vulnerabilities
If you discover a security issue:
- Do not disclose publicly
- Email security@hypercall.xyz with details
- Include reproduction steps and potential impact
- Allow reasonable time for remediation before disclosure
We appreciate responsible disclosure and will acknowledge researchers who help improve our security.
Contract Addresses
See Contracts for current testnet addresses.