# Security

## Overview

Chessalienz Pawnz leverages the security of battle-tested, industry-standard protocols on Solana. By using Metaplex Candy Machine V3 and Magic Eden marketplace, we minimize custom code and attack surfaces while ensuring maximum security for user funds.

**Status**: ✅ **PRODUCTION READY** (December 2025)

***

## 🛡️ Core Security Principles

### **No Custom Smart Contracts**

* Uses **audited Solana SPL Token standard**
* Uses **Metaplex Candy Machine V3** (battle-tested protocol)
* No custom Rust programs or Anchor contracts
* Eliminates smart contract vulnerabilities
* Leverages proven Solana infrastructure

### **Minimal Attack Surface**

* **No custom backend servers** to maintain or secure
* **No APIs** to monitor or protect
* **No databases** containing user information
* **Direct blockchain interaction** through Magic Eden
* **Reduced complexity** = reduced security risks

***

## 🔐 Candy Machine Security

### **Metaplex Candy Machine V3**

* **Battle-tested**: Thousands of collections use this protocol
* **Immutable Supply**: Fixed 8,888 NFTs cannot be changed
* **Authority Control**: Only creator wallet can modify settings
* **Hidden Settings**: Art protected until official reveal
* **Proven Track Record**: No major vulnerabilities in V3

### **Wallet Security**

* **Client-side signing**: All transactions signed in user's wallet
* **No key storage**: We never handle or store private keys
* **Official adapters**: Uses Phantom, Solflare, Backpack wallets
* **User control**: You approve every transaction

***

## 🚀 Magic Eden Marketplace Security

### **Platform Protection**

* **Enterprise-grade infrastructure**: Magic Eden's proven security
* **DDoS protection**: Built-in mitigation systems
* **SSL encryption**: All traffic encrypted
* **Rate limiting**: Automated abuse prevention
* **Professional monitoring**: 24/7 security team

### **Transaction Security**

* **Escrow protection**: Magic Eden holds funds during transactions
* **Verified contracts**: Only interacts with approved smart contracts
* **Fraud detection**: Automated suspicious activity monitoring
* **Dispute resolution**: Professional support team

***

## 📊 Risk Assessment

### **Low Risk Areas**

* ✅ **Wallet security**: Handled by professional wallet providers
* ✅ **Transaction signing**: Client-side, user-controlled
* ✅ **Blockchain security**: Protected by Solana network
* ✅ **NFT ownership**: Immutable on-chain records

### **Mitigated Risks**

* ✅ **Smart contract risk**: No custom contracts
* ✅ **Server security**: No servers to maintain
* ✅ **Data breaches**: No user data stored
* ✅ **API attacks**: No custom APIs

### **User Responsibilities**

* 🔒 **Secure your wallet**: Use strong passwords and 2FA
* 🔒 **Verify transactions**: Always check before signing
* 🔒 **Use official links**: Only use the official Magic Eden collection page
* 🔒 **Keep software updated**: Keep wallet apps current

***

## 🔍 Transparency

### **Open Source**

* **NFT generation scripts**: Publicly available on GitHub
* **Configuration files**: Transparent candy machine setup
* **Metadata standards**: Follows Metaplex specifications
* **No hidden code**: Everything verifiable on-chain

### **On-Chain Verification**

* **Collection address**: `4Ew8JgwDFoCMpcTZpSLfFmtSZsyTqNksf3hktMDCGz45`
* **Candy machine ID**: `JArnzz3MYkd4Etj191TX3YW8szK399n7tr54sLChTq9A`
* **Creator wallet**: `D2nUJVgRMHgeAH8Zw3gCMjhgRZin9xmjSuStSZjtqkC2`
* **All transactions**: Publicly visible on Solana Explorer

***

## 🛠️ Security Best Practices

### **For Users**

1. **Verify Collection Address**
   * Always check: `4Ew8JgwDFoCMpcTZpSLfFmtSZsyTqNksf3hktMDCGz45`
   * Use official Magic Eden links only
   * Bookmark the official collection page
2. **Secure Your Wallet**
   * Enable 2-factor authentication
   * Use strong, unique passwords
   * Never share your seed phrase
   * Keep wallet software updated
3. **Transaction Safety**
   * Read transaction details before signing
   * Verify NFT price (1 SOL each)
   * Never approve suspicious transactions
   * Use official Magic Eden interface

### **For the Project**

1. **Minimal Custom Code**
   * No smart contracts to audit
   * No backend servers to secure
   * No databases to protect
   * Leverages proven infrastructure
2. **Regular Monitoring**
   * Monitor candy machine activity
   * Track collection performance
   * Watch for suspicious marketplace activity
   * Maintain communication with community

***

## 🚨 Security Alerts

### **Official Channels Only**

* ✅ **Twitter**: @CHESSALIENZ
* ✅ **Discord**: Official server only
* ✅ **Magic Eden**: Official collection page
* ❌ **Never trust**: DMs, random links, copycat sites

### **Red Flags to Watch For**

* 🚨 Wrong collection address
* 🚨 Different mint price (should be 1 SOL)
* 🚨 Requests for private keys
* 🚨 Off-Magic Eden minting sites
* 🚨 Urgency tactics ("mint now or lose forever")
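
The first two red flags can be checked mechanically before signing. The following is an added example, not code from the Chessalienz project: it compares a mint summary against the collection address, candy machine ID and 1 SOL price published on this page, and also flags a different address that shows the same first and last characters as the official one. The `summary` object, its field names and the four-character lookalike heuristic are assumptions made for illustration.

```javascript
// Official values as published on this page.
const OFFICIAL = {
  collection: "4Ew8JgwDFoCMpcTZpSLfFmtSZsyTqNksf3hktMDCGz45",
  candyMachine: "JArnzz3MYkd4Etj191TX3YW8szK399n7tr54sLChTq9A",
  priceLamports: 1_000_000_000n, // 1 SOL = 10^9 lamports
};
const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Byte length of a base58 string, or -1 if it contains a non-base58 character.
function base58ByteLength(s) {
  if (typeof s !== "string" || s.length === 0) return -1;
  let n = 0n;
  for (const ch of s) {
    const v = B58.indexOf(ch);
    if (v < 0) return -1;
    n = n * 58n + BigInt(v);
  }
  let bytes = 0;
  for (; n > 0n; n >>= 8n) bytes++;
  let zeros = 0; // each leading "1" encodes one leading zero byte
  while (zeros < s.length && s[zeros] === "1") zeros++;
  return bytes + zeros;
}

// True when a different address shows the same first/last characters,
// which is all a truncated display such as "4Ew8...Gz45" reveals.
function looksLike(candidate, official, n = 4) {
  return candidate !== official &&
    candidate.slice(0, n) === official.slice(0, n) &&
    candidate.slice(-n) === official.slice(-n);
}

// `summary` is a hypothetical object describing what the user is about to sign.
function checkMint(summary) {
  const flags = [];
  for (const field of ["collection", "candyMachine"]) {
    const got = summary[field];
    if (base58ByteLength(got) !== 32) flags.push(`${field}: not a 32-byte address`);
    else if (looksLike(got, OFFICIAL[field])) flags.push(`${field}: lookalike of official address`);
    else if (got !== OFFICIAL[field]) flags.push(`${field}: does not match official address`);
  }
  if (summary.priceLamports !== OFFICIAL.priceLamports) flags.push("price: expected 1 SOL");
  return flags;
}

// Constructed sample: same visible prefix/suffix as the collection, wrong price.
const sample = { collection: "4Ew8" + "A".repeat(36) + "Gz45",
  candyMachine: OFFICIAL.candyMachine, priceLamports: 2_000_000_000n };
console.log(checkMint(sample));
```

An empty result means every checked field matches the published values; any flag is a reason not to sign.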

***

## 📞 Security Contact

Found a security issue or suspicious activity?

* **Discord**: #admin channel in official server
* **Twitter**: DM @CHESSALIENZ
* **Magic Eden**: Report through their platform

We will investigate all reports and take appropriate action.

***

## 🎯 Security Commitment

We are committed to:

* **User safety first** in all decisions
* **Transparent communication** about security
* **Using proven, battle-tested technology**
* **Minimal custom code** to reduce risks
* **Community education** on security best practices

**Last Updated**: December 5, 2025


