PoolOrbit Achieves “Secure” Rating in Hashlock Smart Contract Audit

PoolOrbit, a fully onchain lottery platform built on Base, has wrapped up a smart contract audit with Hashlock, a Web3 security firm focused on smart contract auditing and blockchain cybersecurity. The contracts came out of the review with a “Secure” rating, an important step as PoolOrbit gets ready to open its transparent, community-driven prize pools to a wider audience.

What Is PoolOrbit?

The idea behind PoolOrbit is simple: take everything that makes traditional lotteries feel opaque (the operators, the trust assumptions, the unverifiable draws) and run it all onchain instead. Players deposit into a shared pool, and the moment that pool fills, winners are picked using verifiable onchain randomness. Prizes pay out straight from the pooled liquidity, with a jackpot going to the headline winner and a configurable batch of consolation prizes spreading rewards across more participants. From the first deposit through to the final treasury sweep, every step runs through smart contracts, so anyone can watch a round play out and check the outcome for themselves.

Building on Base keeps fees low and confirmations fast, which matters a lot when the lottery model only really works at small ticket sizes. The protocol’s full flow, from deposits and pool closure through randomness, winner selection, and payouts, lives onchain end to end. There is no trust-based black box deciding who wins; each round resolves in public, on terms anyone can verify.

Audit Scope

Hashlock ran an independent, manual review of PoolOrbit’s Solidity smart contracts (compiler version ^0.8.24), going through the code line by line and backing it up with software-assisted testing. The scope covered the core architecture: the pool factory, the individual pool logic, and the randomness handling that orchestrates winner selection. Within that, the team walked through the functions governing deposits, pool closure, randomness fulfilment, jackpot and consolation finalisation, batch payouts, and the treasury sweep that handles any leftover balance at the end of a round.

Audit Results: Secure

After review, Hashlock rated the PoolOrbit smart contracts “Secure”. The codebase follows clean, well-ordered logic, sticks to NatSpec commenting throughout, and leans on widely trusted OpenZeppelin libraries where appropriate. Every vulnerability surfaced during the review was either fixed or acknowledged by the PoolOrbit team before the report went public, leaving the contracts deployment-ready within the audited scope.

All issues uncovered during automated and manual analysis were meticulously reviewed, and applicable vulnerabilities are presented in the Audit Findings section of the public report.

Why Onchain Lottery Security Matters

Lottery protocols are an unusual security target, because they ask the same contract to do two of the trickier things in Web3 at once: hold a pool of user funds, and get randomness right. Small bugs in how winners are picked, how prizes are accounted for, or how the contract handles stuck states can quietly skew outcomes, push out a legitimate winner, or freeze money inside the contract. And without a central operator behind the scenes to step in and patch things up, those issues land directly on users.

That is exactly the sort of thing a careful manual review is built to catch. With PoolOrbit’s pool, factory, and randomness logic now carrying a Secure rating, players have much firmer ground to trust that each round will play out the way the rules describe.

Looking Ahead

With the audit wrapped up and findings closed out, PoolOrbit heads into its rollout on Base with a much stronger security baseline behind it. The team has been clear about wanting to keep operating transparently as the protocol grows and as community-driven prize pools find a wider audience onchain.

You can find the report here: https://hashlock.com/audits/poolorbit

About Hashlock

Hashlock is a leading Web3 security firm specialising in smart contract auditing and blockchain cybersecurity. Hashlock has conducted 200+ audits and helped secure over $1.3 billion in onchain value across DeFi, gaming, infrastructure, and enterprise blockchain systems.

Website: https://hashlock.com/

X: https://x.com/Hashlock_

About PoolOrbit

PoolOrbit is a blockchain-based lottery platform on Base that opens transparent, community-driven prize pools to anyone with a wallet. Verifiable onchain randomness handles winner selection, and the rest of the protocol’s logic lives onchain too, so players can follow pool activity and outcomes themselves rather than taking an operator’s word for it. The result is a fairer, more accessible take on the lottery format, gamified, automated, and transparent by default.

Website: https://www.poolorbit.com/

X: https://x.com/poolorbit

Pamela Kessler