This page describes the security of the platform and the smart contract.

  1. HeadsTails (HT) is a registered tech start-up based in Costa Rica.

  2. The site is optimized for desktop and mobile devices and uses HTTP & SSL for a secure user experience.

  3. The website allows wallet connect functionality using Meta Mask and Wallet Connect.

  4. Secure wallet signing is used to ensure no middle man or bad actor can intercept the message when you connect to the HeadsTails website.

  5. A resolution source is always quoted to ensure that the winning answer for any event is retrieved from a reliable provider.

  6. HT only takes a commission from the losing side. This is to ensure that at times when user participation in a question is low, the winners are guaranteed a return and do not end up losing funds, even after winning.

  7. As the resolution lies at the hands of the HT team (to pick the winning answer and distribute the winnings), there is a centralization factor. But the Smart Contract takes care of this issue. If HT fails to resolve a question and pick a winning side within 7 days, users can unstake their tokens. This way, when you take part in a question, you will either win the prize pool (if you get the answer right), lose your funds (if you get the answer wrong) or unstake your tokens if HT does not resolve the pool in a timely manner. HT cannot keep hold of your funds by not resolving a question.

  8. HeadsTails commission is set to 25% of the losing pool. It is hardcoded in the smart contract to not go above 30%. HeadsTails cannot set this value to say 100% and keep all the prize money.

  9. If you submit a question, you can win part of the prize pool. This submitter’s commission value is hardcoded in smart contract to be up to 2% max of the entire prize pool.

  10. A security audit has been done to ensure the smart contract has no vulnerabilities. See the audit report.

  11. The version of Solidity used to create the Smart Contract is the latest (at the time of development) to ensure any minor or major bugs reported at the time did not leak into the code.

Last updated