# Security

ChainGun prioritizes security at every level of its platform — from smart contract design to user experience and operational best practices. This page outlines the core security principles, technical safeguards, and recommendations for safe interaction with ChainGun.

## Platform Security Principles

* **Immutable Smart Contracts:** All core contracts are deployed with immutable logic—no admin privileges, no upgradable proxies, and no ability to pause or alter critical functions after deployment.
* **Transparent Fee Structure:** All fees are fixed at deployment and visible on-chain. No hidden costs or dynamic pricing.
* **Event-Driven Architecture:** Every user action (check-in, deployment, referral) emits a verifiable event for full auditability.
* **Multi-Network Consistency:** Identical contract logic and security guarantees across all supported networks.

## Smart Contract Safeguards

### Access Control & Permissions

* No privileged admin functions in production contracts, apart from the single exception below
* Only the referral bonus percentage can be updated (owner-only, transparent)
* Immutable configuration for fee recipient and contract owner

### Input Validation

* **Exact Fee Requirement:** Transactions revert if the fee is incorrect
* **Self-Referral Prevention:** Users cannot refer themselves
* **One Check-in per Day:** Enforced by contract logic
* **Bytecode Validation:** Deployment factory checks contract size and format

### Gas & Cost Optimization

* Gas-efficient storage and computation
* Minimal external calls to reduce attack surface
* Deterministic contract addresses (CREATE2), derived from the deployer address, salt, and init-code hash, to prevent address prediction attacks

### Security Events & Monitoring

* All actions emit events for real-time monitoring and analytics
* On-chain logs enable independent verification of all operations
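
The rules listed under Input Validation can be checked independently from decoded event logs. The script below is an added example, not ChainGun's own code. The event names (`CheckIn`, `Referral`), the field names, the fee value, and the reading of "day" as a UTC day of block time are all assumptions; take the real ones from the verified ABI.

```python
from collections import defaultdict

FIXED_FEE_WEI = 10**15    # assumed value; read the real fee from the verified contract
SECONDS_PER_DAY = 86_400  # assumption: "one check-in per day" means per UTC day of block time

# Constructed sample of already-decoded logs (hypothetical event and field names).
SAMPLE_EVENTS = [
    {"tx": "0xa1", "name": "CheckIn", "user": "0xAAA", "fee_paid": 10**15, "timestamp": 1_700_000_000},
    {"tx": "0xa2", "name": "CheckIn", "user": "0xaaa", "fee_paid": 10**15, "timestamp": 1_700_003_600},
    {"tx": "0xa3", "name": "CheckIn", "user": "0xBBB", "fee_paid": 9 * 10**14, "timestamp": 1_700_000_500},
    {"tx": "0xa4", "name": "Referral", "user": "0xCCC", "referrer": "0xccc", "timestamp": 1_700_001_000},
    {"tx": "0xa5", "name": "CheckIn", "user": "0xAAA", "fee_paid": 10**15, "timestamp": 1_700_090_000},
    {"tx": "0xa6", "name": "Referral", "user": "0xDDD", "referrer": "0xAAA", "timestamp": 1_700_002_000},
]


def audit(events, fixed_fee=FIXED_FEE_WEI):
    """Return (tx, rule) pairs for every event that breaks a documented rule."""
    findings = []
    seen = defaultdict(set)  # user -> day buckets that already have a check-in
    # Logs can arrive out of order from different sources, so order by block time first.
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        user = ev["user"].lower()  # the same address may appear in mixed case
        if ev["name"] == "CheckIn":
            if ev["fee_paid"] != fixed_fee:
                findings.append((ev["tx"], "wrong_fee"))
            day = ev["timestamp"] // SECONDS_PER_DAY
            if day in seen[user]:
                findings.append((ev["tx"], "duplicate_checkin"))
            seen[user].add(day)
        elif ev["name"] == "Referral":
            if ev["referrer"].lower() == user:
                findings.append((ev["tx"], "self_referral"))
    return findings


if __name__ == "__main__":
    for tx, rule in audit(SAMPLE_EVENTS):
        print(f"{tx}: {rule}")
```

Any finding on real logs means the on-chain behavior differs from the rules documented here and should be reported.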

### Verification & Transparency

* All contracts are verified on public block explorers
* Source code, ABI, and constructor parameters are published for every deployment

## User Safety & Best Practices

### Wallet Security

* Native support for MetaMask, WalletConnect, and Coinbase Wallet
* Strict permission scopes—only necessary access is requested
* No private keys or sensitive data ever stored by ChainGun

### Transaction Safety

* Up-front gas estimation and clear transaction previews
* All actions require explicit user confirmation in their wallet
* Graceful error handling and clear error messages

### Data Protection

* Local-first storage: sensitive data (e.g., session info) is stored only on the user’s device
* All network traffic is encrypted
* No unnecessary data collection or tracking

### General Recommendations

* **Start Small:** Use testnets and small amounts to learn the platform
* **Verify Transactions:** Always review transaction details before signing
* **Use Secure Wallets:** Prefer hardware wallets for significant funds
* **Stay Informed:** Follow [official updates](/future-and-security/roadmap.md) and community channels for security news

## Operational Security

* **Continuous Monitoring:** Platform health and contract activity are monitored 24/7
* **Incident Response:** Clear procedures for reporting and responding to security incidents

## Audits & Community Review

* All core contracts are published and verified for public review
* Community feedback and bug reports are encouraged via Discord
* Formal third-party audits are planned as the platform scales

***

*Security is a shared responsibility. By following best practices and staying informed, you help keep the ChainGun ecosystem safe for everyone.*

