🔐Security

The concern about user security at SnF Marketplace is a top priority, our choice to integrate with API Reservoir with the Aggregator allows us to focus on delivering the best flipping experience to traders, as we benefit from the large and robust security grid they offer, stated in their security documentation:

API Reservoir Security and Smart Contract Audits

Summary
At Reservoir we take smart contract security very seriously to ensure the protection of our developers and their users. Below is a breakdown of the smart contracts used within the Reservoir ecosystem and their security/audit status.
Aggregation
Reservoir aggregates different NFT exchange protocols, allowing you to access them all through a single, simplified interface. All supported protocols have undergone extensive audits:
Seaport (used by OpenSea)
0xV4 (used by Coinbase)
Blur
LooksRare
X2Y2
Full list of aggregated marketplaces can be found here.
Creating Orders
When you create an order through a Reservoir-powered marketplace, the listing or bid happens through one of the above protocols. By default, Seaport is used, but each team who deploys a marketplace chooses which to use.
To list, you must approve the exchange contract to transfer your tokens. This is exactly the same as if you listed directly on another marketplace. In fact, if you have already approved a particular exchange contract through OpenSea, Coinbase or LooksRare, you don’t need to do it again on a Reservoir-powered marketplace. You’re approving the underlying exchange, not Reservoir.
Purchasing
Single item sales are executed via the order's native exchange contract. Multi-item sales are executed through Reservoir’s Router contract, enabling users to purchase items from different marketplaces in one transaction.
Reservoir's Router contract has had the following audits:
V3 internally audited by multiple teams, including Art Blocks and Coinbase
V4 & V5 are minor edits to V3, based on audit feedback
V6 audited by Consensys Dilligence (report and response)
Note: V6 is currently live on Mainnet and being used by our hosted APIs.
This contract does not hold any user funds or have permission to spend user funds. All actions must be directly approved by the user, on a per transaction basis. This gives it a very different security profile to the exchange contracts above, or DeFi protocols.
Deployed Contracts
Mainnet: 0xc2c862322e9c97d6244a3506655da95f05246fd8
Goerli: 0xc2c862322e9c97d6244a3506655da95f05246fd8
Polygon: 0xc2c862322e9c97d6244a3506655da95f05246fd8
Arbitrum: 0xc2c862322e9c97d6244a3506655da95f05246fd8
Optimism: 0xc2c862322e9c97d6244a3506655da95f05246fd8
Source Code
Router Contract
Router API
ReservoirKit
Marketplace UI

Previousb) Laddered Orders NextSweep n' Flip | AMM

Last updated 1 year ago