Kabila

We express our gratitude to the Kabila team for the collaborative engagement that enabled the execution of this dApp Security Assessment.

The system users should acknowledge all the risks summed up in the risks section of the report

Kabila Wallet is a non-custodial cryptocurrency wallet built specifically for the Hedera network. It enables users to securely manage HBAR tokens, fungible tokens, and non-fungible tokens (NFTs) using Hedera Token Service (HTS). The wallet is designed for security, transparency, and full user control over private keys, which are never stored on external servers or shared with Kabila.

Kabila Wallet is available across multiple platforms, including a Chrome browser extension, native iOS and Android apps, iPadOS, and macOS for M1-chip devices. It also supports WalletConnect, allowing integration with third-party decentralized applications (DApps) that run on Hedera. The interface is modern and intuitive, optimized for both novice and experienced users.

The wallet supports account creation, recovery via seed phrase or private key, and token management (send, receive, approve, and associate tokens). Users can purchase HBAR directly from within the wallet using credit card or bank transfer through the integrated C14 on-ramp, which may require KYC depending on the transaction size.

Kabila Wallet also offers full NFT management features, including a gallery view, safe peer-to-peer trading (Safe Trade), and batch minting or transfers — a unique capability not commonly available in Hedera wallets. It enables creators and collectors to interact with NFTs in a streamlined and secure environment.

Kabila Wallet uses AES-256 GCM encryption to securely store private keys locally on the user's device. It supports biometric authentication such as Face ID and traditional PIN codes on mobile platforms. Pre-sign alerts give users full transparency into transactions before authorization, helping prevent accidental or malicious operations. Additionally, the wallet includes a ReKey feature, allowing users to reset their private keys while maintaining access to their accounts.

Users can natively stake HBAR within the wallet to earn rewards. Transaction history is clearly displayed and can be exported in CSV format for analysis or accounting purposes. The wallet also supports token allowances and auto-associations, simplifying interactions with DApps that require token permissions.

Kabila Wallet is fully integrated with the broader Kabila ecosystem, including Kabila Tools, Launchpad, and NFT Market. It is the only wallet that supports advanced features like batch operations and retry mechanisms in coordination with Kabila’s creator platform. These integrations provide seamless access to minting, launching, and managing tokens and NFTs directly from the wallet.

The scope of the project includes the following endpoints from the provided repository: