The Hacken 2025 Yearly Security ReportCovers major Web3 breaches, their root causes, prevention insights, and key regulatory trends for 2026.
Learn more

Ourbit

Audit name:

[PT] Ourbit | Android App | Sep2025

Date:

Sep 25, 2025

Table of Content

Introduction
Audit Summary
System Overview
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer

Want a comprehensive audit report like this?

Introduction

We express our gratitude to the Ourbit team for the collaborative engagement that enabled the execution of this Pentest.

Ourbit is a specialized centralized cryptocurrency exchange  designed explicitly for the "degen" (degenerate) trading community, focusing on high-risk, high-reward assets like memecoins. Built by industry veterans, its core value proposition is providing the number one liquidity for memecoins, prophetic early listings, and deep-rooted partnerships within memecoin communities.

Document

NamePentest and Security Analysis Report for Ourbit
Audited By
Approved By
Websiteourbit.com
Changelog11/09/2025 - Preliminary Report
Changelog25/09/2025 - Final Report
PlatformAndroid
LanguageJava
TagsPentest, BlackBox
Methodologyhttps://hackenio.cc/pentest_methodology

  • Document

    Name
    Pentest and Security Analysis Report for Ourbit
    Audited By
    Approved By
    Website
    ourbit.com
    Changelog
    11/09/2025 - Preliminary Report
    Changelog
    25/09/2025 - Final Report
    Platform
    Android
    Language
    Java
    Tags
    Pentest, BlackBox
    Methodology
    https://hackenio.cc/pentest_methodology

Review Scope

Androidhttps://play.google.com/store/apps/details?id=com.ourbit.client&hl=en_GB
version1.12.0

Protect your dApp with insights like these.

Audit Summary

3Total Findings
1Resolved
2Accepted
0Mitigated

The system users should acknowledge all the risks summed up in the risks section of the report

System Overview

Ourbit delivers a dedicated Android-based mobile application that serves as a portable gateway for its community to engage in rapid trading and asset management. The application is engineered to provide the speed and functionality required for the fast-paced memecoin and futures trading it facilitates.

Android Application Overview

Key features of the application include:

  • Core Trading Functionality: The app provides immediate access to spot and USDT-M perpetual futures markets, supporting high-leverage trading. It is designed for ultra-fast order execution, critical for trading volatile memecoins. The interface likely displays real-time price charts, order books, and market data for a vast array of memecoins and other cryptocurrencies.

  • Portfolio and Asset Management: A central dashboard aggregates the user's portfolio balance across spot and futures accounts. The app facilitates key actions such as deposits and withdrawals and likely integrates features like Copy Trading and Earn products. Prompts for engaging with new listings or community initiatives are expected to be prominent.

  • Security and Transparency Measures: The platform's emphasis on "Industry-leading Security & Asset Transparency" suggests the app includes features related to its Proof of Reserves, allowing users to verify asset backing. Security protocols like Two-Factor Authentication (2FA), anti-phishing codes, and device management are essential components.

  • Community-Centric Interface: The app is likely designed with a focus on community engagement, providing easy access to new memecoin listings, announcements, and potentially community feeds.

Findings

Code
Title
Status
Severity
F-2025-1283Misconfiguration Allowing Cleartext Network Traffic
fixed

Low
F-2025-1283Exported Legacy Firebase Receiver
accepted

Observation
F-2025-1283Absence of User Data Preservation Prompt on Uninstall
accepted

Observation
1-3 of 3 findings

Uncover findings like these to secure your project.

Appendix 1. Severity Definitions

Severity

Description

Critical
These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm.

High
These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of the potential security breach.

Medium
These issues present a moderate risk to the system and cannot have a great impact on its function. They should be addressed in a reasonable time frame, but may not require immediate attention.

Low
These issues present no risk to the system and typically relate to the code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation.

  • Severity

    Critical

    Description

    These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm.

    Severity

    High

    Description

    These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of the potential security breach.

    Severity

    Medium

    Description

    These issues present a moderate risk to the system and cannot have a great impact on its function. They should be addressed in a reasonable time frame, but may not require immediate attention.

    Severity

    Low

    Description

    These issues present no risk to the system and typically relate to the code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation.

Appendix 2. Scope

The scope of the project includes the following:

Disclaimer

Ourbit audit by Hacken