GCA Security

This page summarizes the verified contract controls and the current audit status for GCA. It is meant for users, wallets, moderators, and reviewers who need a concise security reference.

Verify GCA BaseScan Source Token Safety Checklist Status FAQ Risk Supply Technical Evidence

Source Verified on BaseScan

Supply Fixed at 1B GCA

Admin Role None

Third-Party Audit Pending independent report

Verified Contract Controls

The deployed GCA token is a fixed-supply ERC-20 contract on Base Mainnet. These controls are visible in the verified source and protected by repository tests.

Minting No mint function

The full supply was created once in the constructor.

Tax No transfer tax

Transfers do not route fees to a project wallet.

Blacklist No blacklist

There is no token-level address blocking path.

Admin No owner role

The token contract has no post-deployment admin account.

Upgrade No proxy

There is no upgrade mechanism or proxy controller.

Custody No withdrawal path

The token contract cannot custody or withdraw user funds.

Internal Review

An internal engineering review was completed on 2026-05-08. No critical, high, medium, or low severity contract issues were found in the reviewed fixed-supply token logic.

Reviewed contracttoken/contracts/GCAToken.sol

CompilerSolidity 0.8.24

Source SHA-2566ba294fe0f6e20485f90297eede83ce620291ab525c92abb3bcf6547d1cf4cce

Third-Party Audit

No independent third-party audit has been completed. Quote requests were submitted to QuillAudits, Hacken, and OpenZeppelin on 2026-05-10, then deferred by owner decision. GCA should not be described as externally audited, audit-approved, or third-party audited.

Audit quote requestsSubmitted then deferred

Paid external auditNot commissioned

Public audit reportNot available

Operational Distribution

The contract can be simple while distribution remains operationally sensitive. Reserve custody, liquidity management, and public communications must stay transparent.

Liquidity Risk

The current official GCA/USDT pool has starter-depth liquidity. Slippage, price impact, and execution volatility can be high.

Wallet Warnings

Risk-warning status is controlled by wallet and security vendors. A false-positive report was submitted, and the owner observed no wallet risk warning visible on 2026-05-14; this is not permanent security-vendor approval.

Security References

Use the readable token safety, technical report, audit readiness, and risk remediation pages first. Public claims must still follow the safe-claim boundaries below.

Token safety checklisttoken-safety.html

Technical reporttechnical-report.html

Audit readinessaudit-readiness.html

Risk remediationrisk-remediation.html

External review statusexternal-reviews.html

Safe Public Claims

Safe to say: source verified, fixed supply, no mint function, no owner/admin role, no blacklist, no transfer tax, no proxy, and no withdrawal path.
Do not say: third-party audited, externally audited, audit-approved, locked reserve, deep liquidity, price support, permanent warning-free status, or security-vendor approval.
Do not ask users for private keys, seed phrases, exchange API secrets, withdrawal permission, or custody of funds.