Is it risky to publicly share a verified smart contract address and source code for transparency?

Post original

Hi everyone, I’m building a small non-custodial USDC transfer app, and I recently verified the app’s contract on BaseScan. Now I’m considering publishing the contract address and source code more visibly on our official website and GitHub, so users can inspect how the transfer and fee logic works. The contract is simple: when a user sends USDC, it pulls the approved USDC from the sender and routes it to: the recipient the project’s fee wallet The fee logic is fixed in the contract: - 0.39% - minimum fee: 0.25 USDC - maximum fee: 3.90 USDC The contract does not have an admin function to change the fee after deployment. The USDC token address and fee recipient are immutable. I understand that BaseScan verification is not the same as a formal audit, and I do not plan to describe it as audited or guaranteed safe. My question is: Is it generally safe and reasonable for an early-stage crypto payment/transfer app to publicly share its verified contract address and source code on its website and GitHub for transparency? Or could this create meaningful risks, such as: - making it easier for attackers to analyze the contract - creating legal/marketing risk if users misunderstand “verified” as “audited” - exposing too much business logic too early - attracting criticism before the contract has a formal audit I’m not asking whether this replaces an audit. I’m trying to understand whether public disclosure of an already verified contract is a good transparency practice, or whether there are risks I should consider first. What would you recommend?   submitted by   /u/Alternative-Goat7010 [link]   [comments]