Team.Finance
Solidity Developer · Smart Contract Engineering
https://team.finance ↗Challenge
Team.Finance is one of the longest-running token-locker platforms in Web3 — used by thousands of projects to credibly lock liquidity, vest team tokens, and prove to investors that a project's team can't rug-pull.
The core engineering problem is irrevocable trust. Once a project locks $5M in LP tokens for 12 months, the contract is the only thing standing between "trustworthy project" and "exit scam." A single privileged function — an admin pause, an emergency unlock, a misconfigured fee handler — turns the lock into a lie.
Across the multi-chain footprint (Ethereum, BNB Chain, Polygon, Arbitrum, Avalanche, Fantom, Optimism, Base) the additional constraint is that every chain's locker contract must be operationally identical, but deploy-time differences (USDT on BSC doesn't return bool from transfer, USDC on Polygon was bridge-issued for years, native MATIC has wrap quirks) all need handling without compromising the core lock invariant.
Approach
Work across token-locker and vesting contracts spanning the platform's multi-chain footprint. Approach centered on the lock invariant being non-negotiable:
**Immutable lock parameters.** Once a lock is created, neither the unlock timestamp nor the locked amount can be modified by anyone — not even the contract owner. The locker contract has no `unlock()` admin function. Withdrawals can only happen after `block.timestamp >= unlockAt`, and only the original lock creator's address can call `withdraw()`.
**ERC-20 quirk handling.** The locker uses OpenZeppelin's `SafeERC20` everywhere — handling tokens that don't return bool, tokens that revert without reason on insufficient balance, and tokens with transfer-fee mechanics. Balance-delta accounting confirms the actual amount received rather than trusting the claimed transfer.
**Auditable lock storage.** Every active lock is queryable by token address + locker address + index — making it trivial for third parties (audit firms, due-diligence tools, exchange listing teams) to verify a project's claimed locks on-chain in seconds. No proprietary indexer needed.
**Fee handling separated from lock logic.** The platform fee is collected on creation only, into a separate fee-collector contract. The locker itself never holds protocol fees mixed with user-locked assets — eliminating an entire class of withdrawal-accounting bugs.