Security & Risk

Twin.fun is non-custodial: ETH settles directly between traders, creators, and the protocol treasury.

Key Properties

• buyShares and sellShares are nonReentrant.
• Events provide transparent logs for indexing and analytics.
• No custodial balances—funds flow through the contract in a single transaction.

Known Limitations

• The contract does not refund overpaid msg.value; callers must send the exact amount.
• Fee percentages are owner-settable and can change for future trades.
• Keys are non-transferable; positions adjust only via buy/sell functions.

Mitigations

• Clear event logs enable monitoring and analytics.
• Creator ownership can be pre-mapped to prevent impersonation on initial buys.

Responsible Disclosure

• Security contact: security@twin.fun (placeholder).
• Bug bounty: provide relevant links if/when available.