Add hotprediction.fun to whitelist - legitimate Solana prediction game

[TheMemeBanker]

Request Type

Whitelist addition request

Domain

• hotprediction.fun

Description

Hot Prediction is a legitimate on-chain prediction/spinner game built on Solana. Users bet $PREDICT tokens and a provably fair winner is selected each round. All transactions are transparent and verifiable on-chain.

Evidence of Legitimacy

Smart Contract (Verified):

• Program ID: 6GpyiyZd1od8N8wcCTxSCtRcmgaWMQL3tcCyz4KNtNGD
• Open-source Anchor program deployed on Solana mainnet
• All funds handled through PDAs with proper escrow logic

Social Presence:

• Twitter: @TheyAlreadyKnew
• Community: X Community
• Website: https://www.hotprediction.fun

Technical Details:

• Uses standard Phantom wallet adapter (@solana/wallet-adapter)
• No raw transaction signing - all through Phantom's secure APIs
• Transaction simulation enabled
• No token approvals or delegations requested beyond what's needed for gameplay

Why This Should Be Whitelisted

The dApp does not:

• Request excessive permissions
• Attempt to drain wallets
• Use deceptive practices
• Mimic other legitimate sites

We've contacted review@blowfish.xyz multiple times with no resolution.

Thank you for reviewing!

Summary by CodeRabbit

• Chores
  • Updated whitelist configuration to include hotprediction.fun

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

A whitelist configuration file is updated to include a new domain entry (hotprediction.fun) while preserving the existing nftplus.io entry in the allowed URLs list.

Changes

Cohort / File(s)	Summary
Whitelist Configuration whitelist.yaml	Added hotprediction.fun domain to whitelist; nftplus.io entry retained (+2/-1 lines)

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly summarizes the main change: adding hotprediction.fun to the whitelist. It is concise, specific, and clearly indicates the primary purpose of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@whitelist.yaml`:
- Around line 33-34: The entry for hotprediction.fun in whitelist.yaml should
not be approved as-is; remove the "- url: hotprediction.fun" line or mark it for
rejection and require extraordinary verification: demand proof of domain
ownership/control (DNS TXT or signed statement), verified on-chain contract
addresses with links to audited source code and Etherscan/Polygonscan
verification, and public team/project identity (linked socials, org
registration) plus independent reputation checks showing non-zero trust; only
re-add the "hotprediction.fun" entry to whitelist.yaml after the reviewer
verifies these artifacts and signs off.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

hotprediction.fun domain reputation scamadviser

💡 Result:

ScamAdviser flags hotprediction.fun as very low trust (Trust Score 0) and warns it may be a scam — reasons include very recent registration (Jan 18, 2026), few visitors, other low‑rated sites on the same server, and crypto-related/high‑risk content. (ScamAdviser page). Independent reputation scanners similarly mark it suspicious/blacklisted. [1][2]

Sources:
[1] ScamAdviser report for hotprediction.fun.
[2] Gridinsoft / website reputation check for hotprediction.fun.

---

🌐 Web query:

hotprediction.fun registration date domain age

💡 Result:

hotprediction.fun was registered on January 18, 2026 — as of January 21, 2026 the domain is 3 days old. [1][2]

Sources:
[1] ScamAdviser domain report for hotprediction.fun.
[2] Gridinsoft website reputation report for hotprediction.fun.

---

🌐 Web query:

hotprediction.fun blockchain project on-chain

💡 Result:

I couldn’t find any on‑chain deployment or reputable project named hotprediction.fun. The domain is flagged as low‑trust by a security site, and community posts warn about similar “prediction” / slippage‑bot scam contracts that hardcode attacker withdrawal addresses. There are established prediction projects (e.g., predict.fun / other prediction markets) that are separate. Sources: GridinSoft domain analysis [1]; community warnings about malicious contracts/slippage scams [2][3]; on‑chain trackers for legitimate prediction projects (example: Predict Fun analytics) [4].

Do you want me to (a) probe blockchain explorers for a specific smart‑contract address, (b) run an on‑chain trace for transactions from that domain (if you can share an address), or (c) investigate predict.fun and other legit prediction markets?

---

Do not whitelist this domain without extraordinary verification evidence.

This domain presents serious red flags that must be resolved before approval. hotprediction.fun was registered only 3 days ago (January 18, 2026) and carries a Trust Score of 0 on automated reputation services. It shows no legitimate on-chain deployment or association with any established project. Community reports flag similar "prediction market" domains as scam contracts with hardcoded attacker withdrawal addresses and slippage-bot exploits.

Before proceeding, require explicit proof of: (1) legitimate domain ownership and control, (2) verified on-chain smart contract deployment with audited code, (3) clear project identity and team verification. The current evidence strongly suggests this domain should be rejected entirely rather than whitelisted.

🤖 Prompt for AI Agents

In `@whitelist.yaml` around lines 33 - 34, The entry for hotprediction.fun in
whitelist.yaml should not be approved as-is; remove the "- url:
hotprediction.fun" line or mark it for rejection and require extraordinary
verification: demand proof of domain ownership/control (DNS TXT or signed
statement), verified on-chain contract addresses with links to audited source
code and Etherscan/Polygonscan verification, and public team/project identity
(linked socials, org registration) plus independent reputation checks showing
non-zero trust; only re-add the "hotprediction.fun" entry to whitelist.yaml
after the reviewer verifies these artifacts and signs off.