Contracts Overview
Six immutable Solidity contracts deployed via CREATE2 on Base and Arbitrum.
[!] Immutable
All contracts are non-upgradeable. There are no admin keys that can modify core logic. The only mutable parameters (fee rates, token whitelist) are controlled by a governance multisig and are bounded by on-chain caps.
Contract addresses
Contracts are deployed at identical addresses on all supported chains via CREATE2. Addresses are published after mainnet deployment.
Contract summary
| Contract | Purpose | Gas (typical) |
|---|---|---|
| CronRegistry | Core — plans, subscriptions, charge logic | ~120k (charge) |
| CronNFT | ERC-721 subscription identity token | ~250k (mint) |
| PaymentRouter | Revenue split — merchant / treasury / keeper | ~50k |
PlanFactory | Validated plan creation helper | ~150k |
| AgentBudgetManager | Per-agent spending caps | ~60k |
CronKeeper | On-chain batch charge helper | ~800k / 10 charges |
Dependencies
- OpenZeppelin Contracts v5 — ERC-721, Ownable, ReentrancyGuard, SafeERC20
- No external oracles, no external price feeds
- No upgradeable proxies
Security
- All external calls use
SafeERC20 - Charge function is
nonReentrant - No delegatecall patterns
- No flash loan vectors (state updates before external calls)
- 940 LOC of unit, fuzz, and invariant tests in Foundry
Build and test
All contracts are in codebase/contracts/ and use Foundry:
cd contracts
forge build
forge test -vv
forge test --fuzz-runs 10000