Introduction
We express our gratitude to the MultiBank.io team for the collaborative engagement that enabled the execution of this Web Application Security Assessment.
| Document | |
|---|---|
| Name | Pentest and Security Analysis Report for MultiBank.io |
| Approved By | Andrew Matiukhin |
| Website | https://multibank.io/ |
| Changelog | 05/07/2023 - Preliminary Report |
| | 23/02/2024 - Final Report |
| Platform | Ethereum, Solana, Bitcoin, Polygon |
| Language | Java, JavaScript |
| Tags | Pentest (Gray Box), Wallet, Governance, Decentralized Finance (DeFi), Liquidity Pool |
| Methodology | https://docs.hacken.io/methodologies/pentesting |
Audit Summary
Executive Summary
Within the limited time of the security assessment, the auditing team identified security vulnerabilities of various severities. The Client team approached the audit results proactively and provided remediation for all significant vulnerabilities. As a result of the activities carried out during the assessment and remediation period, no more significant security vulnerabilities were identified in the solution defined in the scope of the assessment.
At the request of the Client, the list of vulnerabilities remains undisclosed.
Appendix 1. Severity Definitions
| Severity | Description |
|---|---|
| Critical | These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm. |
| High | These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of the potential security breach. |
| Medium | These issues present a moderate risk to the system and cannot have a great impact on its function. They should be addressed in a reasonable time frame, but may not require immediate attention. |
| Low | These issues present no risk to the system and typically relate to the code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation. |
Appendix 2. Scope
The scope of the project includes the following web applications:
| Scope Details | Link |
|---|---|
| Website | https://multibank.io |
| Trade | https://trade.multibank.io |
| Core API | https://core-api.multibank.io |
| Core | https://core.multibank.io |
| Exchange | https://exchange.multibank.io |
| Github Runner | https://github-runner.multibank.io |
| Nodes | https://nodes.multibank.io |