Smart Contracts

Overview

Price Play uses a single core smart contract for managing deposits and withdrawals. All game logic is processed off-chain for speed and cost efficiency, with on-chain settlement for security.

Price Play Vault

The Vault contract is the secure storage for all player deposits.

Contract Address

BNB Chain Mainnet: 0x699f58d98f3c6e9e76c579e68b08a0558291de4f

View on BscScan

Contract Functions

Public Functions

Function

Description

Parameters

deposit()

Deposit BNB into vault

None (payable)

withdraw()

Withdraw BNB with signature

amount, nonce, expiry, signature

View Functions

Function

Description

Returns

balances(address)

Check deposit balance

uint256

usedNonces(bytes32)

Check if nonce was used

bool

signer()

Get current signer address

address

Admin Functions

Function

Description

Access

setSigner()

Update withdrawal signer

Owner only

pause()

Emergency pause

Owner only

unpause()

Resume operations

Owner only

emergencyWithdraw()

Emergency fund recovery

Owner only

Deposit Flow

User calls deposit() with BNB value
Contract validates amount (min: 0.001 BNB, max: 10 BNB)
BNB is stored in contract
Deposited event is emitted
Backend credits user's game balance

User → Contract.deposit() → Event → Backend → Game Balance

Withdrawal Flow

Withdrawals require a signature from the Price Play backend to prevent unauthorized withdrawals.

User requests withdrawal in the app
Backend verifies user's balance
Backend generates signature via Turnkey MPC
User receives signature, nonce, and expiry
User calls withdraw() with these parameters
Contract verifies signature and transfers BNB

User → Backend → Turnkey (sign) → User → Contract.withdraw() → User receives BNB

Security Features

Reentrancy Protection

All state changes happen before external calls, following the checks-effects-interactions pattern.

Nonce Tracking

Each withdrawal uses a unique nonce that can only be used once, preventing replay attacks.

Signature Expiry

Signatures expire after 15 minutes, limiting the attack window.

Chain ID Binding

Signatures include the chain ID, preventing cross-chain replay attacks.

Pausable

Owner can pause the contract in emergencies, stopping all deposits and withdrawals.

Signature Verification

The contract verifies withdrawals using ECDSA signatures:

bytes32 messageHash = keccak256(abi.encodePacked(
    msg.sender,      // Recipient address
    amount,          // Withdrawal amount
    nonce,           // Unique nonce
    expiry,          // Expiration timestamp
    block.chainid,   // Chain ID (56 for BSC)
    address(this)    // Contract address
));

The signature must be from the authorized signer address.

Verification

The contract source code is verified on BscScan.

View Source Code
Compiler: Solidity 0.8.19
License: MIT

Audit Status

Component

Status

Smart Contract

Source verified on BscScan

Key Management

Backend Logic

Internal security review

PreviousTokenomics NextSecurity

Last updated 17 hours ago

Good afternoon

Overview

Price Play Vault

Contract Address

Contract Functions

Public Functions

View Functions

Admin Functions

Deposit Flow

Withdrawal Flow

Security Features

Reentrancy Protection

Nonce Tracking

Signature Expiry

Chain ID Binding

Pausable

Signature Verification

Verification

Audit Status