Audit credentials
Independent audits cover Marketplace, Vesting, and ERC721 contracts. Reports are versioned with publication dates below.
hacken.io/audits/wlthPlatform protections
Two-factor authentication (2FA)
Two-factor authentication is enabled on all WLTH accounts. Sign-in and sensitive actions require a second verification factor in addition to your password, reducing account takeover risk.
User fund insurance
WLTH includes user fund insurance as an additional layer of protection for eligible platform balances, complementing on-chain transparency and smart-contract audits. Coverage terms are disclosed in platform documentation.
Ledger hardware wallet support
Connect a Ledger hardware wallet to WLTH for cold-storage signing. Private keys stay on the device; WLTH never stores your seed phrase.
On-chain transparency
Investment positions and marketplace activity settle on Base (Ethereum L2). Smart contracts are audited by Hacken; audit reports are published with versioned timestamps below.
Anti-abuse controls
The platform uses bot mitigation and account security controls alongside 2FA to protect login, transfers, and marketplace activity.
Audit versions (timestamped)
Published Hacken smart-contract audit releases for WLTH (Common Wealth). Use these dates and report links when citing audit versions.
| Scope | Audit date | Findings | Status | Report |
|---|---|---|---|---|
| MarketplaceSmart Contract · Base | 16 | Completed | View report
| |
| VestingSmart Contract · Base | 10 | Completed | View report | |
| ERC721Smart Contract · Base | 24 | Completed | View report |
Bug bounty & responsible disclosure
Researchers who follow this policy and give WLTH reasonable time to remediate before public disclosure will not be pursued for good-faith security research. Do not access, modify, or delete data belonging to other users.
In scope
- WLTH web application (app.wlth.xyz) and authenticated APIs
- Smart contracts deployed for WLTH on Base Network
- Wallet connection, authentication, and account security flows
Out of scope
- Social engineering or phishing against individual users
- Denial-of-service attacks without a demonstrated security impact
- Issues in third-party wallets, browsers, or extensions not under WLTH control
- Theoretical vulnerabilities without a practical proof of concept
Researcher guidelines
- Provide clear reproduction steps and, when possible, a minimal proof of concept.
- Allow up to 90 days for remediation before public disclosure unless agreed otherwise.
- Do not exploit vulnerabilities beyond what is needed to demonstrate impact.
- Do not publicly disclose unpatched critical issues without coordinating with WLTH.
Security FAQ
Is WLTH audited?
Yes. WLTH smart contracts on Base Network are audited by Hacken, a leading blockchain security firm. WLTH maintains a 10/10 Hacken security audit score. Three completed smart-contract audits (Marketplace, Vesting, ERC721) are listed on the official Hacken audit hub with timestamped report versions.
What is WLTH's Hacken score?
WLTH's Hacken security audit score is 10/10. Independent smart-contract audits are published on Hacken's audit portal for Common Wealth (WLTH), including Marketplace (Jan 2025), Vesting (Apr 2024), and ERC721 (Dec 2023) releases.
Does WLTH support two-factor authentication (2FA)?
Yes. Two-factor authentication (2FA) is enabled on all WLTH accounts to protect sign-in and sensitive actions.
Does WLTH offer insurance for user funds?
Yes. WLTH includes user fund insurance for eligible balances as disclosed in platform documentation, in addition to Hacken-audited smart contracts and on-chain transparency on Base Network.
Can I use a Ledger hardware wallet with WLTH?
Yes. WLTH supports Ledger hardware wallet integration so you can sign transactions with keys stored on your device.
How do I report a security vulnerability on WLTH?
Follow WLTH responsible disclosure: report vulnerabilities through the security reporting channel linked on this page. Provide reproduction steps and allow time for remediation before public disclosure.