PoolOrbit, a fully on-chain lottery platform built on Base, has completed a smart contract audit with Hashlock, a Web3 security company focused on smart contract auditing and blockchain cybersecurity. The contracts came out of the review with a “Secure” rating, an important milestone as PoolOrbit prepares to open its transparent, community-based prize pools to a wider audience.
What is PoolOrbit?
The idea behind PoolOrbit is simple: take everything that makes traditional lotteries opaque, the operators, the trust assumptions, the unverifiable draws, and run it all on-chain instead. Players deposit into a shared pool, and as soon as that pool fills up, winners are chosen randomly and verifiably on-chain. Prizes are paid directly from pooled cash, with a jackpot awarded to the overall winner and a configurable consolation prize pool spreading the rewards among a larger number of participants. From the first deposit to the last cash sweep, each step passes through smart contracts, so that everyone can watch a round unfold and check the result for themselves.
Building on Base helps keep fees low and confirmations fast, which is very important when the lottery model only really works with small ticket sizes. The entire flow of the protocol, from deposits and pool closure through randomness, winner selection, and payouts, lives end-to-end on-chain. There is no trust-based black box deciding who wins; each round is resolved in public, according to conditions that everyone can verify.
Audit scope
Hashlock performed an independent manual review of PoolOrbit’s Solidity smart contracts (compiler version ^0.8.24), going through the code line by line and backing it up with software-assisted testing. The scope covered the basic architecture: the pool factory, individual pool logic, and the randomness management that orchestrates winner selection. As part of this, the team walked through the functions governing deposits, pool closure, random run, jackpot and consolation finalization, batch payouts, and the cash sweep, which handles any remaining balance at the end of a round.
Audit Results: Secure
After review, Hashlock rated PoolOrbit’s smart contracts “Secure”. The codebase follows clean, tidy logic, sticks to NatSpec comments throughout, and relies on widely trusted OpenZeppelin libraries where available. Each vulnerability that emerged during the review was either fixed or acknowledged by the PoolOrbit team before the report was made public, leaving the contracts ready for deployment within the audited framework.
All issues discovered during automated and manual scanning have been meticulously reviewed, and applicable vulnerabilities are presented in the Audit Results section of the public report.
Why Onchain Lottery Security Matters
Lottery protocols are an unusual security target because they ask the same contract to do two of Web3’s trickiest things at once: hold a pool of user funds and get the randomness right. Small bugs in how winners are selected, how prizes are counted, or how the contract handles blocked states can quietly skew results, crowd out a legitimate winner, or freeze money inside the contract. And without a central operator behind the scenes to step in and fix problems, those problems land directly on users.
This is exactly the sort of thing that careful manual review is designed for. With PoolOrbit’s pool, factory, and randomness logic now rated Secure, players have a much stronger foundation to be confident that each round will play out as the rules describe.
Looking to the future
With the audit complete and the findings closed, PoolOrbit moves into its Base deployment with a much stronger security foundation. The team has made it clear they want to continue operating seamlessly as the protocol grows and community prize pools find a wider audience on the channel.
You can find the report here:
About Hashlock
Hashlock is a leading Web3 security company specializing in smart contract auditing and blockchain cybersecurity. Hashlock has conducted over 200 audits and helped secure over $1.3 billion in on-chain value across DeFi, gaming, infrastructure, and enterprise blockchain systems.
About PoolOrbit
PoolOrbit is a blockchain-based lottery platform on Base that opens transparent, community-based prize pools to anyone with a wallet. On-chain verifiable randomness handles winner selection, and the rest of the protocol’s logic resides on-chain as well, so players can track pool activity and results themselves rather than taking an operator’s word. The result is a fairer and more accessible version of the lottery format, gamified, automated and transparent by default.



