Security
MyPact is designed so you don’t have to trust us with your money. Here’s how your funds and agreements are protected.
Non-custodial by design
MyPact never holds your funds. When you deposit into an escrow agreement, your USDC goes directly to the smart contract on the blockchain — not to a MyPact bank account, not to a server we control.
The smart contract enforces the agreement rules automatically:
- Funds release when the approval threshold is met
- Funds return to the payer when cancellation conditions are met
- Nobody — not even the MyPact team — can override the contract logic
What if MyPact disappears?
Your funds are still safe. The smart contract operates independently on the blockchain. Even if our website goes offline permanently:
- Funds remain in the smart contract
- Approvals and cancellations still work by interacting with the contract directly
- All agreement data is recorded on-chain and publicly verifiable
Smart contract security
Verified and public
All MyPact contracts are verified on Basescan and Etherscan. Anyone can read the contract code and verify exactly how it works. There is nothing hidden.
Upgrade safety
MyPact uses the UUPS proxy pattern for contract upgrades, which means the contract logic can be improved over time (bug fixes, new features) without moving your funds.
Upgrades are protected by a 2-of-3 Safe multisig — two out of three designated guardians must approve any contract change. No single person can modify the contract unilaterally.
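To check for yourself whether the contract logic behind an agreement has been upgraded, you can read the proxy's implementation pointer and compare it with the address you last reviewed. The following is an added example, not MyPact's own code: it assumes the proxy follows the standard ERC-1967 storage layout commonly used with UUPS, and the addresses in it are constructed placeholders.

```javascript
// ERC-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
const IMPLEMENTATION_SLOT =
  "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc";

// Build the JSON-RPC request body that reads the slot from the proxy.
function buildSlotRequest(proxyAddress, block = "latest") {
  if (!/^0x[0-9a-fA-F]{40}$/.test(proxyAddress)) {
    throw new Error("proxy address must be 20 bytes of hex");
  }
  return { jsonrpc: "2.0", id: 1, method: "eth_getStorageAt",
           params: [proxyAddress, IMPLEMENTATION_SLOT, block] };
}

// Decode the 32-byte slot value into an address (the low 20 bytes).
function decodeImplementation(slotValue) {
  if (!/^0x[0-9a-fA-F]{64}$/.test(slotValue)) {
    throw new Error("expected a 32-byte hex word");
  }
  const hex = slotValue.slice(2).toLowerCase();
  if (!/^0{24}/.test(hex)) throw new Error("upper 12 bytes are not zero");
  const addr = "0x" + hex.slice(24);
  return /^0x0{40}$/.test(addr) ? null : addr; // null: slot unset, no ERC-1967 proxy here
}

// Compare the on-chain implementation with the one you last reviewed.
function checkImplementation(slotValue, expectedImplementation) {
  const current = decodeImplementation(slotValue);
  if (current === null) return { status: "not-a-proxy", current };
  const same = current === expectedImplementation.toLowerCase();
  return { status: same ? "unchanged" : "upgraded", current };
}

// Live query; rpcUrl and proxyAddress are supplied by the caller (hypothetical inputs).
async function fetchImplementation(rpcUrl, proxyAddress) {
  const res = await fetch(rpcUrl, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(buildSlotRequest(proxyAddress)),
  });
  const { result, error } = await res.json();
  if (error) throw new Error(error.message);
  return decodeImplementation(result);
}

// Constructed sample values, not real MyPact addresses.
const SAMPLE_SLOT = "0x" + "0".repeat(24) + "ab".repeat(20);
const REVIEWED_IMPL = "0x" + "AB".repeat(20);
console.log(checkImplementation(SAMPLE_SLOT, REVIEWED_IMPL));
```

A status of "upgraded" means the implementation address differs from the one you reviewed, so the new implementation's verified source is what to read next on the block explorer.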
Emergency pause
The contract includes an emergency pause capability. If a critical vulnerability is discovered, guardians can pause the contract to prevent exploitation while a fix is prepared. Pausing does not move or lock your funds beyond what the agreement already specifies.
Third-party audit
A professional third-party security audit is planned within 60 days of mainnet launch. This page will be updated with the audit report when available.
Network security
Base (Live mode)
Base is an Ethereum Layer 2 network built by Coinbase. It inherits Ethereum’s security guarantees while providing fast, low-cost transactions. Your funds are secured by the same proof system that protects billions of dollars on Ethereum.
Sepolia (Test mode)
Sepolia is Ethereum’s primary test network. It works identically to mainnet but uses valueless test tokens. Use it to verify everything works before committing real funds.
Your wallet, your keys
MyPact uses your own crypto wallet (Coinbase Wallet, MetaMask, or any WalletConnect-compatible wallet). We never have access to your private keys or seed phrase. Every transaction requires your explicit wallet confirmation.
Verifying agreements
Every agreement is recorded on-chain with a public transaction history. You can independently verify:
- The amount held in escrow
- Who the parties are
- Whether approvals have been submitted
- The full transaction history
Click View on Basescan (or Etherscan for Sepolia) on any agreement page to see the on-chain record.
Questions about security? Contact us at support@mypact.net. We’re happy to walk through the contract architecture in detail.