
Dripster (Dimes.fi) is a leveraged prediction-market vault on Polygon. The backend coordinates off-chain order routing on Polymarket's CLOB, manages the position lifecycle, and signs the EIP-712 payloads that gate value-changing operations on the on-chain LeveragedPredictionVaultV1 contract. Visit dimes.fi.
Zealynx conducted a 10-day penetration test of the Dripster backend (NestJS / Prisma API at bloom-art/api), focusing on authentication, authorization, business logic, input validation, rate limiting, infrastructure, and Polymarket integration. The assessment surfaced 21 issues: 1 High, 4 Medium, 11 Low, and 5 Informational. 13 were fixed during the engagement window itself; 8 were acknowledged with detailed rationale (route disablement on dead surfaces, intended public API surfaces, test fixtures with no live secret material, or threat models superseded by the Polymarket V2 migration).
Zealynx audited the Dripster Leveraged Prediction Vault, a custodial EVM smart contract suite that opens leveraged positions on Polymarket Conditional Token Framework markets. The 1,825 nSLOC review across seven Solidity files identified 17 issues (2 Medium, 7 Low, 8 Informational) with zero Critical or High findings, reflecting an iteratively hardened codebase. Nine findings were fixed and eight acknowledged.
When someone asks “is Dripster really audited?”, this is the page to send them. Every engagement we’ve delivered, in one place, with the artifacts.

