Smart Contract Security
At Mach Protocol, security is our top priority. We have taken extensive measures to ensure that our smart contracts are secure, robust, and reliable.Security Audits
Our smart contract infrastructure has undergone thorough third-party security audits by leading blockchain security firms.Core Contracts Audit
Auditor: Zellic
Date: 2023
Scope: Core protocol contracts including orderbook, settlement, and intent validation
View Audit Report (PDF)
Date: 2023
Scope: Core protocol contracts including orderbook, settlement, and intent validation
View Audit Report (PDF)
Security Measures
In addition to formal audits, we employ multiple layers of security practices:Code Quality & Testing
- Comprehensive Test Suite: Our codebase includes extensive unit and integration tests
- Code Coverage: We maintain high test coverage across all critical contract components
- Formal Verification: Critical contract components undergo formal verification
Operational Security
- Multisig Controls: Administrative functions require multiple signatures
- Timelocks: Important protocol changes include timelock delays
- Upgradability: Carefully designed upgrade patterns with strict access controls
Monitoring & Incident Response
- Real-time Monitoring: Continuous monitoring of on-chain activity
- Incident Response Plan: Comprehensive procedures for addressing potential vulnerabilities
- Bug Bounty Program: Rewards for responsible disclosure of security issues
Deployed Contract Addresses
For transparency, all of our deployed smart contracts can be viewed on blockchain explorers for each respective network.Ethereum (ETH) - Chain ID: 1
Ethereum (ETH) - Chain ID: 1
| Contract | Address |
|---|---|
| Order Book | 0x5d8bca5F0b3D9c9513a75D0206dAF0b4FF8bda95 |
| Order Book V2 | 0x137092D65b9f4861C7Fc2B58cd7Fd52aA0ADFEb0 |
| CCTP Message Transmitter | 0x0a992d191DEeC32aFe36203Ad87D7d289a738F81 |
| CCTP Token Messenger | 0xBd3fa81B58Ba92a82136038B25aDec7066af3155 |
| Uniswap V3 Quoter | 0x61fFE014bA17989E743c5F6cB21bF9697530B21e |
| Uniswap V3 Router | 0x3fC91A3afd70395Cd496C647d5a6CC9D4B2b7FAD |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0x16C6521Dff6baB339122a0FE25a9116693265353 |
| Odos Router | 0xCf5540fFFCdC3d510B18bFcA6d2b9987b0772559 |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
Unichain (UNI) - Chain ID: 130
Unichain (UNI) - Chain ID: 130
| Contract | Address |
|---|---|
| Order Book V2 | 0x6D32b45F25B4B2386C50F6505999b34D962944A7 |
| CCTP Message Transmitter | 0x353bE9E2E38AB1D19104534e4edC21c643Df86f4 |
| CCTP Token Messenger | 0x4e744b28E787c3aD0e810eD65A24461D4ac5a762 |
| Uniswap V3 Quoter | 0x565AC8C7863d9bB16D07E809fF49Fe5CD467634C |
| Uniswap V3 Router | 0xEf740bf23aCaE26f6492B10de645D6B98dC8Eaf3 |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
Optimism (OPT) - Chain ID: 10
Optimism (OPT) - Chain ID: 10
| Contract | Address |
|---|---|
| Order Book | 0xE0CAAeaCa771691A73B5a0846DF8aB40b6Aed5df |
| Order Book V2 | 0x5861b75321c3f9CD25BaF61CCE59f87C77b33F90 |
| CCTP Message Transmitter | 0x4D41f22c5a0e5c74090899E5a8Fb597a8842b3e8 |
| CCTP Token Messenger | 0x2B4069517957735bE00ceE0fadAE88a26365528f |
| Uniswap V3 Quoter | 0x61fFE014bA17989E743c5F6cB21bF9697530B21e |
| Uniswap V3 Router | 0xCb1355ff08Ab38bBCE60111F1bb2B784bE25D7e8 |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0xF0d4c12A5768D806021F80a262B4d39d26C58b8D |
| Odos Router | 0xCa423977156BB05b13A2BA3b76Bc5419E2fE9680 |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
Arbitrum (ARB) - Chain ID: 42161
Arbitrum (ARB) - Chain ID: 42161
| Contract | Address |
|---|---|
| Order Book | 0xa40Ad3916237fa0FE11A500241fFA6eAc59CBD6A |
| Order Book V2 | 0xd8b8B056cE030b32d6C5198Ae1d14952a56A0458 |
| CCTP Message Transmitter | 0xC30362313FBBA5cf9163F0bb16a0e01f01A896ca |
| CCTP Token Messenger | 0x19330d10D9Cc8751218eaf51E8885D058642E08A |
| Uniswap V3 Quoter | 0x61fFE014bA17989E743c5F6cB21bF9697530B21e |
| Uniswap V3 Router | 0x5E325eDA8064b456f4781070C0738d849c824258 |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0xF0d4c12A5768D806021F80a262B4d39d26C58b8D |
| Odos Router | 0xa669e7A0d4b3e4Fa48af2dE86BD4CD7126Be4e13 |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
Avalanche (AVAX) - Chain ID: 43114
Avalanche (AVAX) - Chain ID: 43114
| Contract | Address |
|---|---|
| Order Book | 0xeFad3dA107eBe51aFBEe197725b4B5720Bf58cfC |
| Order Book V2 | 0xD98ad5D97982C7C2cd55Dc89B96DF9fB67631D77 |
| CCTP Message Transmitter | 0x8186359aF5F57FbB40c6b14A588d2A59C0C29880 |
| CCTP Token Messenger | 0x6B25532e1060CE10cc3B0A99e5683b91BFDe6982 |
| Uniswap V3 Quoter | 0xbe0F5544EC67e9B3b2D979aaA43f18Fd87E6257F |
| Uniswap V3 Router | 0x4Dae2f939ACf50408e13d58534Ff8c2776d45265 |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0xF0d4c12A5768D806021F80a262B4d39d26C58b8D |
| Odos Router | 0x88de50B233052e4Fb783d4F6db78Cc34fEa3e9FC |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
Polygon (POL) - Chain ID: 137
Polygon (POL) - Chain ID: 137
| Contract | Address |
|---|---|
| Order Book | 0xC4b8debe12b0A28eBe92fF0F0e8024D28407B846 |
| Order Book V2 | 0x3Ceedd8F86dcf54D0A34EEF0e933c70fc3A7e958 |
| CCTP Message Transmitter | 0xF3be9355363857F3e001be68856A2f96b4C39Ba9 |
| CCTP Token Messenger | 0x9daF8c91AEFAE50b9c0E69629D3F6Ca40cA3B3FE |
| Uniswap V3 Quoter | 0x61fFE014bA17989E743c5F6cB21bF9697530B21e |
| Uniswap V3 Router | 0xec7BE89e9d109e7e3Fec59c222CF297125FEFda2 |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0xF0d4c12A5768D806021F80a262B4d39d26C58b8D |
| Odos Router | 0x4E3288c9ca110bCC82bf38F09A7b425c095d92Bf |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
Base (BASE) - Chain ID: 8453
Base (BASE) - Chain ID: 8453
| Contract | Address |
|---|---|
| Order Book | 0x35123fc9a8A4657a19FE3d48a88bCBd295FF196E |
| Order Book V2 | 0x026A0145Ca797737B773A4745ebb9CbE9DAe4802 |
| CCTP Message Transmitter | 0xAD09780d193884d503182aD4588450C416D6F9D4 |
| CCTP Token Messenger | 0x1682Ae6375C4E4A97e4B583BC394c861A46D8962 |
| Uniswap V3 Quoter | 0x3d4e44Eb1374240CE5F1B871ab261CD16335B76a |
| Uniswap V3 Router | 0x3fC91A3afd70395Cd496C647d5a6CC9D4B2b7FAD |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0xd6681e74eEA20d196c15038C580f721EF2aB6320 |
| Odos Router | 0x19cEeAd7105607Cd444F5ad10dd51356436095a1 |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
BNB Smart Chain (BSC) - Chain ID: 56
BNB Smart Chain (BSC) - Chain ID: 56
| Contract | Address |
|---|---|
| Order Book | 0xB6A80EfAAB1d5CC7fC337b9924ef218547F6E9B8 |
| Order Book V2 | 0xC60461f8770dAa36663057ec46F7d46D77AA9501 |
| Uniswap V3 Quoter | 0x82825d0554fA07f7FC52Ab63c961F330fdEFa8E8 |
| Uniswap V3 Router | 0x643770E279d5D0733F21d6DC03A8efbABf3255B4 |
| Uniswap Permit2 | 0x000000000022D473030F116dDEE9F6B43aC78BA3 |
| Curve Router | 0xA72C85C258A81761433B4e8da60505Fe3Dd551CC |
| Odos Router | 0x89b8AA89FDd0507a99d334CBe3C808fAFC7d850E |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
opBNB (OPBNB) - Chain ID: 204
opBNB (OPBNB) - Chain ID: 204
| Contract | Address |
|---|---|
| Order Book | 0xD4B8eA768327DAFcEf27145A1280e32e7a959992 |
Mantle (MANTLE) - Chain ID: 5000
Mantle (MANTLE) - Chain ID: 5000
| Contract | Address |
|---|---|
| Order Book | 0xD4B8eA768327DAFcEf27145A1280e32e7a959992 |
| Odos Router | 0xD9F4e85489aDCD0bAF0Cd63b4231c6af58c26745 |
| LiFi Router | 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE |
For a complete list of all contract addresses across all supported networks, please see our Contract Addresses page.
Security Best Practices for Integration
When integrating with Mach Protocol, we recommend following these security best practices:- Private Key Management: Use secure key management solutions
- Input Validation: Always validate user inputs before submitting to the blockchain
- Gas Management: Implement proper gas estimation and handling
- Error Handling: Implement comprehensive error handling for all contract interactions
- Testing: Thoroughly test your integration on testnets before going to production