Report a security issue.
For security reports, email security@balloonpump.xyz. Include the route, wallet public address if relevant, transaction signature, browser, and a clear reproduction path.
Wallet boundary.
- Balloon Pump never needs your seed phrase or private key.
- Connecting a wallet shares your public address.
- Funding, deposit, start, pump, claim, and withdraw actions require wallet approval.
- Public helper requests that can move funds or queue devnet work require fresh wallet-signed challenges.
Current security boundary.
- This public build is Solana devnet only and is not a mainnet launch approval.
- Devnet only. Test tokens only.
- Uncle Matt's VRF means Very Randomifier Function: market chaos in, checkable pump result out.
- Mainnet remains blocked until independent audit, legal review, monitoring, RPC, custody, and explicit launch approval are complete.