Security

PayX's security practices, smart contract safety, and risk considerations.

Security Overview

PayX is designed with security as a top priority. Our non-custodial architecture ensures you always maintain control of your funds.

🔒

Non-Custodial

You always control your funds

✅

Verified

Contract verified on ArcScan

🛡️

Battle-Tested

Built on proven libraries

Smart Contract Security

Security Measures

✓
Reentrancy Protection
Uses OpenZeppelin's ReentrancyGuard to prevent recursive attacks
✓
SafeERC20
Safe token transfers using OpenZeppelin's SafeERC20 library
✓
Integer Overflow Protection
Solidity 0.8.24 with built-in overflow checks
✓
Access Control
Ownable pattern for administrative functions
✓
Input Validation
All inputs validated with custom errors for clear feedback
✓
Replay Protection
Unique nonces prevent signature replay attacks on claims

Claim Security

The claim process uses a secure two-factor verification:

1️⃣

X OAuth Verification

Users must authenticate via X OAuth to prove they own the handle. We only request read access to the profile.

2️⃣

Oracle Signature

Our backend oracle signs a message containing the handle, wallet, and nonce. The contract verifies this signature before releasing funds.

3️⃣

Wallet Binding

Once claimed, the wallet is linked to the handle. Subsequent claims must use the same wallet, preventing unauthorized claims.

Dependencies

Circle USDC

PayX uses Circle's native USDC on Arc Network. USDC is the most trusted stablecoin, backed 1:1 by US dollars and regularly audited.

Learn more about USDC →

Arc Network

Arc is a stablecoin-native L1 by Circle. It provides fast finality and USDC-denominated gas fees.

Learn more about Arc →

OpenZeppelin

Our contracts are built on OpenZeppelin's battle-tested libraries for ERC20, ReentrancyGuard, Ownable, and cryptographic functions.

OpenZeppelin documentation →

Risk Considerations

⚠️Smart Contract Risk

Despite security measures, smart contracts may contain undiscovered vulnerabilities. Only tip amounts you're comfortable with and consider starting small.

⚠️Oracle Risk

The claim process depends on our oracle service to sign claim authorizations. While designed for high availability, service disruptions could delay claims.

⚠️Testnet Status

PayX is currently on Arc Testnet. Expect potential network instability and resets before mainnet launch. Testnet USDC has no real value.

Security Best Practices

For Users

1.Verify contract addresses before interacting
2.Use a hardware wallet for significant holdings
3.Review transaction details in your wallet before signing
4.Be cautious of phishing sites — bookmark the official URLs
5.Never share your private key or seed phrase

Report a Vulnerability

If you discover a security vulnerability:

X (Twitter) @Xylonet_Discord

Please do not publicly disclose vulnerabilities. Contact us privately first.