Security & Audits

Your assets are protected by atomic swaps, battle-tested code, and comprehensive audits.

1. How It Works

Atomic Swaps — All or Nothing

Every trade on BasePaint Market uses atomic swaps. This means the entire transaction either completes successfully, or nothing happens at all.

If everything is valid:

You pay ETH → Seller receives ETH → You receive all 365 NFTs

If anything is wrong:

Transaction reverts → Your ETH stays with you → No NFTs transferred

This happens in a single blockchain transaction. There's no moment where you've paid but haven't received the NFTs.

No Escrow — NFTs Stay in Your Wallet

When you list your bundle for sale, your NFTs remain in your wallet. You only grant approval to the marketplace contract.

  • Your NFTs stay visible in your wallet
  • You can cancel your listing anytime
  • No lock-up period or waiting
  • Same pattern as OpenSea, Blur, and other major marketplaces

Automatic Revert Protection

The smart contract validates every single NFT before completing a purchase. If any check fails, the transaction automatically reverts.

Checks performed:

  • Seller owns all 365 NFTs
  • Marketplace has approval
  • Listing is still active
  • Price matches listing
  • Bundle is complete

If any check fails:

  • Transaction reverts
  • Your ETH is returned
  • No gas wasted on failed transfers
  • Clear error message shown

[Figure: Atomic Swap Transaction Flow. Shows how the buyer sends ETH, the smart contract validates all 365 NFTs, and the trade either completes or reverts.]
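
The all-or-nothing flow and the checks listed above, modelled in Python as an added example; this is not the marketplace's contract code. The `Market` class, the `Revert` exception, the token ids 1..365, the address names and the error strings are all assumptions made for illustration.

```python
import copy

BUNDLE = range(1, 366)  # constructed token ids 1..365 (assumption)

class Revert(Exception):
    """Models an EVM revert: all state changes made by the call are discarded."""

class Market:
    def __init__(self):
        self.eth = {}          # address -> balance in wei
        self.owner = {}        # token id -> owner address
        self.approved = set()  # sellers that approved the marketplace
        self.listings = {}     # seller -> {"price": int, "active": bool}

    def _validate(self, seller, value):
        listing = self.listings.get(seller)
        if listing is None or not listing["active"]:
            raise Revert("listing not active")
        if value != listing["price"]:
            raise Revert("price does not match listing")
        if seller not in self.approved:
            raise Revert("marketplace not approved")
        if any(self.owner.get(t) != seller for t in BUNDLE):
            raise Revert("bundle incomplete")

    def buy(self, buyer, seller, value):
        snapshot = copy.deepcopy(self.__dict__)
        try:
            if self.eth.get(buyer, 0) < value:
                raise Revert("insufficient ETH")
            self.eth[buyer] -= value       # ETH leaves the buyer as the call starts
            self._validate(seller, value)  # every check runs before any transfer
            self.listings[seller]["active"] = False
            self.eth[seller] = self.eth.get(seller, 0) + value
            for t in BUNDLE:
                self.owner[t] = buyer
        except Revert:
            self.__dict__.update(snapshot)  # roll back: buyer keeps the ETH
            raise

def sample_market(price=10**18):
    """Constructed state: 'seller' lists a complete, approved bundle."""
    m = Market()
    m.eth = {"buyer": 2 * price, "seller": 0}
    m.owner = {t: "seller" for t in BUNDLE}
    m.approved.add("seller")
    m.listings["seller"] = {"price": price, "active": True}
    return m
```

Moving a single token out of the seller's wallet, or revoking approval, before calling `buy` raises `Revert` and leaves every balance and owner exactly as it was.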

2. Smart Contract Security

Security Audit Score: 9.0 out of 10

Comprehensive security audit performed by Claude Opus 4.5, Anthropic's most capable AI model for code analysis and security review.

  • 0 Critical Issues
  • 0 High Severity
  • Production Ready

About AI Security Audits

Claude Opus 4.5 provides comprehensive code analysis including vulnerability detection, logic verification, and best practice review. The contract has been deployed to Base Mainnet and verified on BaseScan.

3. Built-in Protections

Reentrancy Protection

All transactions are protected against reentrancy attacks using OpenZeppelin's ReentrancyGuard.

Signature Replay Protection

Each offer signature can only be used once, which prevents attackers from reusing old signatures.

Full Bundle Validation

Every purchase validates all 365 NFTs for ownership and approval before transfer.

Emergency Pause

Contract can be paused if a vulnerability is discovered, protecting user funds.

UUPS Upgradeable

Critical bugs can be fixed without losing user data or active listings.

OpenZeppelin Standards

Built on battle-tested OpenZeppelin contracts, the industry standard for secure smart contracts.

4. Platform Security

Sign-In with Ethereum (SIWE)

Authentication uses your wallet signature — no passwords stored, no accounts to hack.

No Private Keys

We never ask for or store your private keys. All transactions are signed in your wallet.

Rate Limiting & DDoS Protection

Multiple layers of rate limiting protect against abuse and denial-of-service attacks.

Comprehensive Testing

2,100+ automated tests across smart contracts, backend, and frontend ensure reliability.

Still Have Questions?

Security is our top priority. If you have concerns or found a vulnerability, please reach out.

@vvegalex on X