Security
Hypercall is committed to building a secure trading platform. Mainnet Alpha is live, and security remains a core focus as the venue expands from constrained launch scope toward more verifiable protocol operations.
Current Status
Hypercall is currently in Mainnet Alpha. Users can deposit real USDC and trade the launch market, but the venue is intentionally constrained while the team gathers production evidence.
Mainnet Alpha uses real funds. Only deposit what you are prepared to risk. Options and digital asset trading can result in loss.
Current Trust Boundaries
Hypercall uses a hybrid model. Some operations are on chain and directly verifiable, while others currently depend on the Hypercall operator.
- On chain: account ownership, deposits, withdrawals, contract calls, and supported settlement/liquidation actions.
- Operator-run today: matching, market data ingestion, margin checks, RSM command issuance, and operational response.
- Roadmap: RSM decentralization and trustlessness work will reduce operator trust over time. See Architecture and Roadmap.
We will publish additional audit, verification, and decentralization materials as those workstreams are ready.
Architecture Security
Hypercall's hybrid architecture separates concerns:
| Component | Security Model |
|---|---|
| Smart Contracts | On-chain, auditable, upgradeable via timelock |
| Matching Engine | Off-chain, cryptographically signed actions |
| Settlement | On-chain finality, margin root verification |
| Custody | Non-custodial, user-controlled accounts |
See Architecture for details.
Reporting Vulnerabilities
If you discover a security issue:
- Do not disclose publicly
- Email security@hypercall.io with details
- Include reproduction steps and potential impact
- Allow reasonable time for remediation before disclosure
We appreciate responsible disclosure and will acknowledge researchers who help improve our security.
Contract Addresses
See Contracts for current mainnet addresses.