Security Measures

GothamCash is designed with a strong emphasis on security, simplicity, and resilience. Below is an updated overview of the technical and architectural safeguards in place to protect users, their funds, and the system as a whole.

1. ✅ Smart Contract Simplicity

The core contract (GothamMixer01) is intentionally kept minimal and auditable:

  • No external dependencies beyond a lightweight internal ECDSA utility.

  • No use of proxies, upgradability, or complex inheritance.

  • Fixed pool size: exact 0.1 BNB / 1 BNB / 10 BNB per note.

  • Hardcoded:

    • Fee rate (1%)

    • Expiry duration (365 days)

  • No admin pause functions — deposits and withdrawals cannot be frozen.

🧩 Simplicity reduces the attack surface and makes auditing easier.

2. 🧾 No Note Storage On-Chain

  • Notes are generated client-side and never shared with the contract.

  • The contract only stores:

    • commitments (hash of nullifier + secret)

    • nullifierHash to prevent reuse

    • Timestamp and optional withdrawal authorization

  • Even a full blockchain inspection reveals nothing about user secrets.

🔐 Privacy is enforced by design.

3. 🔒 One-Time Withdrawals with Nullifiers

Each note includes a unique nullifier, which:

  • Acts as a one-time identifier for withdrawal.

  • Is hashed and stored on-chain when used.

  • Prevents double-spending.

  • Is automatically marked when the note is withdrawn.

Once spent, a note cannot be reused.

4. ✍️ Signature-Based Withdrawal Authorization

To protect users from front-running and unauthorized withdrawal:

  • A user must sign a withdrawal authorization before claiming funds.

  • The signed message includes:

    • Nullifier

    • Secret

    • Recipient address

    • Deadline

  • The contract verifies this via ECDSA before allowing a withdrawal.

🧾 This step ensures only the legitimate owner can withdraw, and only once authorized.

5. ⏳ Expiry Mechanism

  • Each commitment has a lifespan of 365 days.

  • After that, if unclaimed, the owner can reclaim it.

  • Reduces storage bloat and prevents abandoned funds from being lost forever.

  • Users are encouraged to withdraw before expiry.

Expired notes cannot be recovered by users.

6. ❌ Rejecting Direct BNB Transfers

To prevent accidental or malicious fund loss:

  • receive() is disabled — direct BNB transfers are rejected.

  • Users must call deposit() explicitly.

  • The contract also rejects unknown function calls (fallback()).

✅ Only valid deposits are accepted.

7. 🛡️ Strict Access Control

Only the contract owner can:

  • Enable/disable the 1% fee (via setFeesEnabled(bool)).

  • Change the contract ownership (changeOwner()).

  • Reclaim expired notes (reclaimExpired() or reclaimExpiredBatch()).

The owner cannot:

  • Change fee rate (always 1%)

  • Access user funds directly.

  • Pause or mint tokens.

  • Modify commitments or nullifiers arbitrarily.

All withdrawals are still enforced by cryptographic secrets + signatures.

8. 🔍 Transparent Events & Auditable State

All major actions emit events:

  • Deposited

  • Withdrawn

  • ExpiredReclaimed

Anyone can observe all deposits, withdrawals, and reclaim operations via public blockchain tools (e.g., BscScan).

📊 Full on-chain traceability — without leaking private data.

9. ⚠️ Trust Assumptions

GothamCash is semi-trusted and does not use zk-SNARKs.

  • The system does not fully eliminate trust (e.g., owner role exists, but for minor (not critical) actions).

  • There is no zero-knowledge proof system protecting note linkage.

  • Withdrawals depend on correct note storage and signature generation.

Users must:

  • Use trusted wallets and secure signing environments.

  • Store notes safely (no backup = no recovery).

  • Withdraw only via private connections for stronger privacy.

🛡️ Security is built-in — but privacy starts with you. Always generate notes securely, store them safely, and withdraw anonymously. We provide the tools — you bring the discipline.

PreviousNote LifecycleNextDeploy/test on BSC Testnet

Last updated