Smart Contracts

Complete technical breakdown of PoolPays protocol architecture

All contracts are verified, immutable, and publicly auditable on Arbitrum One.

---

🏗️ Protocol Architecture

PoolPays consists of 3 primary smart contracts deployed on Arbitrum One (Ethereum Layer 2).

Core Properties

✅ Verified - Open-source code on Arbiscan ✅ Immutable - Admin keys permanently renounced ✅ Auditable - Anyone can inspect the code ✅ Battle-Tested - Months of production operation

---

📋 Main Contracts

Purpose: Manage deposits, withdrawals, and Uniswap V3 integration

Contract Address
0x1D262425dc046b8bb26B4DB4f4Cd754804208049
🔗 View on Arbiscan

Responsibilities:

Function	Description
✅ Receive Deposits	Accept USDC from liquidity providers
✅ Track Ownership	Record proportional share of each provider
✅ Allocate to Uniswap	Deploy USDC to WETH/USDC pool on Uniswap V3
✅ Process Withdrawals	Execute withdrawals after lock period expires
✅ Emit Events	Log all operations on-chain

Key Functions:

Main Liquidity Administrator (interface example)

// Deposit USDC and select yield period
deposit(uint256 amount, uint8 tier)

// Withdraw funds after lock period
withdraw(uint256 amount)

// Check provider balance
getProviderBalance(address provider) view returns (uint256)

// View total protocol liquidity
getTotalLiquidity() view returns (uint256)

---

2️⃣ Payer 1 (Yield Distribution)

Purpose: Distribute yields to liquidity providers

Contract Address
0x0c1133d9bc4d4ad6c439888ab4b4cb26b997aed0
🔗 View on Arbiscan

Responsibilities:

Function	Description
✅ Receive Protocol Fees	Collect fees from gaming applications
✅ Receive Uniswap Fees	Collect trading fees from Uniswap V3
✅ Calculate Shares	Compute proportional distribution for each LP
✅ Distribute Yields	Automatically allocate earnings
✅ Enable Claims	Allow LPs to claim anytime

Key Functions:

Payer 1 (interface example)

// Distribute accumulated yields to all LPs
distributeYields()

// LP claims their accumulated yields
claimYields()

// Check pending yields for specific provider
getAccumulatedYields(address provider) view returns (uint256)

// View total protocol revenue
getProtocolRevenue() view returns (uint256)

🔒 Security:

• ✅ Fully Autonomous - No admin keys exist

• ✅ Immutable - Cannot be modified since deployment

• ✅ Read & Claim Only - No privileged write functions

---

3️⃣ Payer 2 (Gaming Applications)

Purpose: Manage funds for integrated gaming applications

Contract Address
0x43DFb116A20dBb7085FBf8aB68E085b269158117
🔗 View on Arbiscan

Responsibilities:

Function	Description
✅ Receive Player Deposits	Accept funds from gaming users
✅ Process Payouts	Execute winning payments
✅ Transfer Protocol Fees	Send fees to Payer 1 automatically
✅ Maintain Segregation	Complete isolation from LP funds

Key Functions:

Payer 2 (interface example)

// Gaming app requests payout for winner
requestPayout(address player, uint256 amount)

// Gaming app deposits operational funds
depositGamingFunds(uint256 amount)

// Check gaming pool balance
getGamingPoolBalance() view returns (uint256)

🔒 Security:

• ✅ Access Control - Uses Authorized.sol module

• ✅ Whitelist Only - Only authorized apps can call critical functions

• ✅ Total Isolation - NO functions that move funds between Payer 1 ↔ Payer 2

---

🔐 Admin Key Renunciation

What Are Admin Keys?

Traditional smart contracts allow the deployer (creator) to maintain administrative functions:

• ❌ Pause the contract

• ❌ Modify parameters (fees, limits)

• ❌ Update contract logic

• ❌ Potentially access funds

This creates centralization risk.

---

How PoolPays Solved This

PoolPays executed irreversible renunciation of admin keys through on-chain transactions:

Transaction	Details
Payer 1 Renunciation	TX Hash: 0x46ba643d61f91274d4dd96e0f2e2b95a5fd5f1773ea9a856dfd09be5f5bb3bab 🔗 View on Arbiscan
Main Admin Renunciation	TX Hash: 0x60f64ae9033432fa3d3b0e7bee5f45dede1addb89aebb2c3ef60c9daae24205d 🔗 View on Arbiscan

---

What This Means

✅ No one (not even developers) can:

• Modify contract code

• Pause operations

• Change fees or parameters

• Access user funds

✅ Contracts will operate forever exactly as programmed

✅ It's mathematically impossible to regain admin control

---

🔍 Verify It Yourself

1

Access Arbiscan

Visit any contract (example): https://arbiscan.io/address/0x1D262425dc046b8bb26B4DB4f4Cd754804208049

2

Verify the Code

1. Click the "Contract" tab

2. See "Verified Source Code" ✅

3. Read complete Solidity code

3

Confirm Admin Renunciation

Look for absence/presence in verified code:

// ❌ Should NOT exist:
function pause() onlyOwner { ... }
function setFee(uint256 newFee) onlyOwner { ... }
function updateLogic(address newImplementation) onlyOwner { ... }

// ✅ Should exist:
function renounceOwnership() { 
    owner = address(0); 
    // Makes it impossible to regain control
}

4

Verify Renunciation Transactions

Click the TX hashes listed in the Admin Key Renunciation section and confirm:

• ✅ Date of renunciation

• ✅ Function called: renounceOwnership()

• ✅ Contract state after: owner = 0x0000000000000000000000000000000000000000

---

🛡️ Fund Segregation Architecture

Isolation Model

┌───────────────────────────────────────────────┐
│        LIQUIDITY PROVIDERS                    │
│    (deposit USDC, receive yields)             │
└──────────────────┬────────────────────────────┘
                   │
                   ▼
┌───────────────────────────────────────────────┐
│         PAYER 1 CONTRACT                      │
│   • LP funds                                  │
│   • Accumulated yields                        │
│   • NO external transfer functions            │
└───────────────────────────────────────────────┘

        ❌ TOTAL ISOLATION ❌
        (Zero code paths between them)

┌───────────────────────────────────────────────┐
│         PAYER 2 CONTRACT                      │
│   • Player funds                              │
│   • Gaming app deposits                       │
│   • NO access to LP funds                     │
└──────────────────┬────────────────────────────┘
                   │
                   ▼
┌───────────────────────────────────────────────┐
│       GAMING APPLICATIONS                     │
│    (integrate via smart contracts)            │
└───────────────────────────────────────────────┘

---

Why This Matters

Hypothetical Attack Scenario:

An integrated gaming app has a vulnerability and gets exploited. Hacker drains all funds from Payer 2.

Result WITH Segregation:

Contract	Status
Payer 2 (Gaming Funds)	❌ Compromised
Payer 1 (LP Funds)	✅ 100% Safe
Protocol	✅ Continues Operating

Result WITHOUT Segregation:

Contract	Status
ALL Funds	❌ Compromised
Protocol	❌ Insolvent

---

🔗 Third-Party Integrations

PoolPays interacts with battle-tested, audited contracts:

Uniswap V3 Router

Contract	Purpose	Link
0xE592427A0AEce92De3Edee1F18E0157C05861564	Manage liquidity in WETH/USDC pool	🔗 View on Arbiscan

USDC (USD Coin)

Contract	Purpose	Link
0xaf88d065e77c8cC2239327C5EDb3A432268e5831	Protocol base stablecoin	🔗 View on Arbiscan

WETH (Wrapped ETH)

Contract	Purpose	Link
0x82aF49447D8a07e3bd95BD0d56f35241523fBab1	Liquidity pair on Uniswap V3	🔗 View on Arbiscan

---

📊 On-Chain Events

All contracts emit events that can be tracked in real-time.

Main Liquidity Administrator Events

Events (Main Liquidity Administrator)

event LiquidityAdded(
    address indexed provider,
    uint256 amount,
    uint8 tier,
    uint256 timestamp
);

event LiquidityRemoved(
    address indexed provider,
    uint256 amount,
    uint256 timestamp
);

Payer 1 Events

Events (Payer 1)

event YieldDistributed(
    uint256 totalAmount,
    uint256 timestamp
);

event YieldClaimed(
    address indexed provider,
    uint256 amount,
    uint256 timestamp
);

Track Events: Go to any contract on Arbiscan → "Events" tab → See real-time activity

---

🧪 For Developers

GitHub Repository

Full code available at: 🔗 https://github.com/poolpays/poolpays-contracts

Contents:

/contracts     - Complete Solidity code
/test          - Test suite
/docs          - Technical documentation
README.md      - Deployment instructions

Run Locally

Local development (bash)

# Clone repository
git clone https://github.com/poolpays/poolpays-contracts.git
cd poolpays-contracts

# Install dependencies
npm install

# Compile contracts
npx hardhat compile

# Run tests
npx hardhat test

# Deploy to testnet
npx hardhat run scripts/deploy.js --network arbitrum-goerli

---

🔐 Audits

Current Status

Audit Firm	Status	Report
Internal Review	✅ Complete	Public on GitHub
Community Audit	✅ Ongoing	Open-source code
External Audit	🔄 Planned	See below

Planned Audits

Firm	Timeline	Focus
CertiK	Q1 2026	Full protocol audit
Trail of Bits	Q2 2026	Security assessment
OpenZeppelin	Under Discussion	Contract verification

---

📖 Contract Documentation

Complete Technical Specs

For detailed function documentation, parameter descriptions, and integration guides:

• 📚 Technical Documentation

• 🔧 Integration Guide

• 📊 Event Specification

---

❓ FAQ

Can contracts be upgraded?

No. Admin keys are permanently renounced. Contracts are immutable forever.

What if a bug is found?

Since contracts are immutable, bugs cannot be patched. This is why extensive testing and future audits are critical. However, fund segregation limits damage scope.

How do I verify renunciation?

1. Check contract on Arbiscan

2. Look for owner() function

3. Should return 0x0000000000000000000000000000000000000000

4. Verify renunciation TX in contract history

Can gaming apps access LP funds?

Absolutely not. Payer 1 (LP funds) and Payer 2 (gaming funds) have zero code paths between them. Mathematical impossibility.

---

🔗 Quick Links

Resource	Link
Main Contract	Arbiscan
Payer 1	Arbiscan
Payer 2	Arbiscan
GitHub	Repository
Uniswap V3	Integration

---

Code is Law. Immutable. Transparent. Trustless.