Beta — Smart contract audit in progress. We recommend keeping wallet balances under $100 USDC.
CardZero

Contract addresses

All addresses on Base mainnet (chain ID 8453). CardZero is not deployed on Base Sepolia (yet) or any other chain.

Wallet contracts

| Contract | Address | Notes | | --- | --- | --- | | CardZeroFactory V2 | 0xa3fc38f1b9379ed269a9ac75b6de229fa55e412e | Deploys V2 wallets (payments only) | | CardZeroWallet V2 (impl) | 0x601b1E85931fa25e2e82B387c829302D56De7470 | UUPS proxy implementation | | CardZeroFactoryV3 | 0x0c1d37f49ab9da5b6da2e2938be5567fbba4aabb | Deploys V3 wallets (payments + Jobs) | | CardZeroWalletV3 (impl) | 0x70ff113944ad5dcF11A28B240c8F3244112C2298 | UUPS proxy implementation | | CardZeroFactory V1 (legacy) | 0xebf66b2dfcd8c4f96248ddfedc8f7c49d49f7283 | EIP-1167 minimal proxies; not upgradeable. Legacy users only. |

V2 wallets cannot upgrade to V3. Address namespace is different (CREATE2 salt includes "v3" suffix in V3 factory).

ERC-8004 (Identity + Reputation)

| Contract | Address | Notes | | --- | --- | --- | | IdentityRegistry | 0x1db9b790ae49def806d3d16172de04d2557fecbe | UUPS proxy | | IdentityRegistry (impl) | 0x82993dfdb6104849fa1fcbb4139f145ec6d3b8e2 | | | ReputationRegistry | 0xc00a5757c63d65005d22e507eae045df5e83b338 | UUPS proxy | | ReputationRegistry (impl) | 0x9805be287464687692006a6d68278a288365f987 | |

ERC-8183 (Job escrow)

| Contract | Address | Notes | | --- | --- | --- | | CardZeroJobs | 0xb28a0cca5ac28466f3d175f35b97aa104d4c4ba8 | UUPS proxy | | CardZeroJobs (impl) | 0x5e545d00af169a35a1211fffb25331a2ec694e1f | |

External

| Contract | Address | Notes | | --- | --- | --- | | USDC | 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 | Native Base USDC, 6 decimals, by Circle | | EntryPoint (ERC-4337) | 0x0000000071727De22E5E9d8BAf0edAc6f37da032 | v0.7 |

Role separation (4 EOAs, 0 overlap)

CardZero uses 4 distinct EOAs with different roles. None of them holds power that any other has. This is deliberate compartmentalization.

| EOA | Address | Role | | --- | --- | --- | | DEPLOYER | 0x79985809b620F488D524fFA2e29c1377e018edce | Owns wallets, deploys contracts, signs claim tx, admin role on UUPS upgrades | | REGISTRAR | 0xfd865c3C6AbC3F714D587c583166dd096a7EED51 | Registers agents in IdentityRegistry. No payment / wallet authority. | | ATTESTOR | 0xf76a7a569060fD800dcfc2c2EEa8a4060385a1D4 | Signs ReputationRegistry events. Bound to scoringRulesHash. | | EVALUATOR | 0x8157Cb8e28707eD7aeC693662D51563c63620E59 | Calls Jobs.complete and Jobs.reject. No deploy or registration authority. |

If any single key leaks, blast radius is bounded:

  • Deployer leak: attacker can drain wallet ETH (gas), deploy spam, but cannot move user USDC (still subject to wallet policy).
  • Registrar leak: attacker can register fake agents but cannot move funds.
  • Attestor leak: attacker can write bogus reputation events but score is capped at +20 / -10 per event; SCORING-RULES.md hash mismatch detectable.
  • Evaluator leak: attacker can mis-finalize Jobs but only ones in submitted state; cannot steal funds beyond the platform-fee % of in-flight Jobs.

Treasury

| Address | Receives | | --- | --- | | 0x41a45c8fbB03d0137163c55d950B3F93330091da | Platform fees (2%) on every payment + 2% of Job budgets on completion |

This is currently a CardZero-controlled multisig-eligible address. Could move to a multisig in the future without disrupting fee flow.

Verifying on Basescan

Every contract is verified on Basescan with source. Click any address above:

Direct interaction (bypassing CardZero API)

You can interact with these contracts directly via any Ethereum tooling (viem, ethers, foundry). The API is convenience; the contracts are the authority. This is a property, not a bug.

Example: directly read a Job's state without API:

import { readContract } from "viem";
const job = await readContract({
  address: "0xb28a0cca5ac28466f3d175f35b97aa104d4c4ba8",
  abi: [/* CardZeroJobs.getJob */],
  functionName: "getJob",
  args: [BigInt(jobId)],
});

If we ever shut down our API tomorrow, your wallet keeps working — interact directly with the contracts. Reputation events stay queryable from the ReputationRegistry indefinitely.

Live mainnet proof

The first 1 USDC end-to-end Job lifecycle:

Basescan: 0xf71ce10c…0593bd

5 transactions: createJob → approve → fund → submit → complete. Total 1 USDC moved through escrow with auto-split 0.93 / 0.05 / 0.02.