DumbFun
← Markets

Funds & safety

Wallets, topping up, and how to stay safe. Use Wallet settings for live balance and your embedded address; protocol vault/treasury pubkeys are under Protocol below.

Embedded wallet: why initialize, who owns it, and what we can access

The Privy embedded Solana wallet exists so you have a stable on-chain address for this product: you use it to sign stake transactions and to receive SOL from winning or refund claims. Until you run Initialize embedded wallet on Wallet settings, that signer does not exist yet and betting cannot complete.

Ownership. The embedded wallet is yours: it is created under your Privy login and linked to your account. It is not a shared pool operated by DumbFun as custodian of your keys.

What DumbFun cannot do. We do not receive or store your private key or seed phrase. We cannot move SOL out of your embedded wallet on our own; spends require approval in the Privy wallet UI. The backend only uses your public address (and configured limits such as betting permission caps) to enforce rules and read balances, the same information visible on-chain to anyone.

Wallets: what you actually control

You sign in with the app's login (Privy). For on-chain betting, the app uses a Privy embedded Solana wallet tied to your account — the same address shown as your "linked" wallet in Wallet settings and the SOL balance chip in the header.

If you have not created that embedded wallet yet, use Initialize embedded wallet on the wallet page first; otherwise stakes and claims cannot be signed.

When you trade, each market has its own on-chain escrow (see Protocol for published addresses). Do not send SOL to those escrows to "top up" — they are not your personal deposit box. Your spendable balance is SOL on your embedded wallet only.

The app keeps an active betting permission session for you automatically (time- and amount-limited caps: per-bet maximum, daily total, expiry). Each stake is still signed by you in the Privy wallet prompt; the backend uses that permission to enforce limits and the stake recipient for that market.

Protocol: fee vault & escrows

Each open market has a dedicated Solana escrow: stakes move there from your embedded wallet; wins and refunds are paid from that same escrow back to your embedded address. A separate protocol fee vault pubkey is published for future fee routing — do not use it as your personal wallet. Fund your linked embedded wallet only for betting.

Protocol fee vaultSolscan ↗
GJwZpoqdja4SGKSHo6XP3KAjZBmRu8kovA3N8N5X3WAb

How to add SOL (top up)

  1. Open Wallet settings while signed in.
  2. Copy your linked / embedded Solana address from Wallet settings (Copy address). Double-check the first and last characters after pasting.
  3. From any Solana wallet or exchange that supports withdrawals to a raw address, send native SOL on Solana mainnet to that address only. Sending other tokens or using the wrong network can mean permanent loss.
  4. Wait for confirmations, then use Refresh on the wallet card or rely on the periodic refresh — the balance is read from the chain.
  5. Keep a little extra SOL beyond what you intend to bet so you still have rent and network fees for stake and claim transactions.

Security: what to expect

  • Keys. The embedded wallet is created inside Privy's wallet flow. You can use Export private key (wallet page) to back up or migrate, but anyone with that key controls the funds — store it offline and never paste it into random sites.
  • Betting limits. The app stores an active betting permission with an expiry date and caps (per trade and per day) so stakes only go to the market escrow (and allowlisted fee destinations). That is not silent access to your wallet: each stake is signed by you in a Privy prompt. One-time activation records those limits on the server; let permission expire or revoke it if you want to stop betting. Do not share your login session.
  • Quotes. Bets use a fresh price quote from the server; very old quotes are rejected so execution stays close to what you reviewed.
  • Phishing. Only approve transactions on the real site URL you trust. The app will not DM you on Discord or Telegram asking for seed phrases.
  • Operational pauses. The operator can pause betting, permissions, or payouts during incidents. Pauses are a safety valve, not a guarantee of any particular outcome.