Zellic Security Review
Megapot V2 smart contracts (Jackpot, LPManager, NFT, AutoSubscription, BatchPurchase, RandomBuyer, PayoutCalculator)
2025GitHub repo ↗
Security
Last updated: May 2026
This page maps deployed smart contracts to their audits, RNG certification and public security materials. Every link can be independently verified.
Audits and certifications
Code4rena Public V2 Contest
Public audit competition on Megapot V2; warden findings, sponsor responses, judge ranking
November 2025Contest repo ↗
Pyth Entropy RNG Certification
CompliantScaledEntropyProvider + Pyth Entropy integration
2025Megapot docs ↗
Address-to-audit mapping
Jackpot — ✓ Verified0x3bAe643002069dBCbcd62B1A4eb4C4A397d042a2 ↗
Zellic + Code4rena V2JackpotLPManager — ✓ Verified0xE63E54DF82d894396B885CE498F828f2454d9dCf ↗
Zellic + Code4rena V2JackpotTicketNFT — ✓ Verified0x48FfE35AbB9f4780a4f1775C2Ce1c46185b366e4 ↗
Zellic + Code4rena V2JackpotAutoSubscription — ✓ Verified0x02A58B725116BA687D9356Eafe0fA771d58a37ac ↗
Zellic + Code4rena V2BatchPurchaseFacilitator — ✓ Verified0x01774B531591b286b9f02C6Bc02ab3fD9526Aa76 ↗
Zellic + Code4rena V2JackpotRandomTicketBuyer — ✓ Verified0xb9560b43b91dE2c1DaF5dfbb76b2CFcDaFc13aBd ↗
Zellic + Code4rena V2GuaranteedMinimumPayoutCalculator — ✓ Verified0x97a22361b6208aC8cd9afaea09D20feC47046CBD ↗
Zellic + Code4rena V2ScaledEntropyProvider — ✓ Verified0x5D030DEC2e0d38935e662C0d2feD44B050c8Ae51 ↗
RiskCherry/Lean Lab RNG Cert (Compliant)Known design tradeoffs (from Code4rena V2)
- Premium share is calculated over all potential winning combinations, including unsold ones. Protects liquidity, but requires explicit communication (see FAQ).
- Emergency mode exists, the protocol is not fully admin-less. Admin can pause or refund in exceptional cases.
- Arithmetic rounding edge-cases in the referral fee fallback path, documented in Code4rena findings, non-critical.
Bug bounty
There is no active bug bounty program for the Balkan Lotto frontend at this time. Megapot protocol bugs: report directly to security@megapot.io. Front-end vulnerabilities (XSS, content injection, supply-chain) report via the /contact page with topic 'Bug report'. We respond within 72h and address critical findings as a priority.
Incident history
No incidents recorded for balkanlotto.com frontend.