Security / Safety

RebelMint has no control over user-created content, nor the content that users use the app to display. Read full terms for more info (https://rebelmint.org/tos)

The app/sdk is designed to only interact with authentic RebelMint contracts. It does this by comparing the contract deployed bytecode of any entered contract address to the template code embedded in the SDK itself. Because all RebelMint contracts are clones of the template, all deployed bytecode will match. If there's a mismatch, RebelMint SDK is designed to throw an error and not load the contract.

This is so that BadAppleAdam (sorry good Adam's of the world), doesn't create a drainer contract and pass it off as a RebelMint contract and direct victims to it through the app.

But what if BadAppleAdam mimics the app itself to bypass the security???

There's not much that can be done except insulating the URL. The authentic URL address of the RebelMint app is at rebelmint.org and to prevent BadAppleAdam from spoofing the address with capped letter variations or pluralization, I've also obtained rebeimint.org rebelmlnt.org rebeimlnt.org rebelmints.org rebeimints.org rebelmlnts.org rebeimlnts.org (and also rebelmint.xyz rebelmints.xyz rebelmints.com for good measure*). Only the authentic URL resolves to the app, and all the others point at nothing. That's about $120 a year in domain registrations, and to me it's worth it, because fuck scammers.

Please be vigilant, this is crypto. Please be careful with links and use a reputable transaction previewer. If the previewer shows danger - listen to it! Even if you think it's a false positive (I sometimes get them on new custom contracts - and I'm ok with this), listen to it and let me know so I can create a ticket to have it looked at by your scanner. Please be safe.

*rebelmint.com is squatted and being listed for $2k, so I have not bought that. If any real sweet cryptorich person want's to help me out by buying and transferring it, or sending me some moolah, that'd be awesome!