
Audit name: [PT] Xeggex | Web API | Feb2024

Date: Apr 26, 2024

Table of Contents

Introduction
Audit Summary
Document Information
System Overview
Executive Summary
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope

Introduction

We express our gratitude to the XeggeX team for the collaborative engagement that enabled the execution of this Security Assessment.

Founded in 2021, XeggeX.com strives to provide its users with the best trading experience and give small and medium market cap assets a reliable trading hub. Our goal is to maintain a fast and user friendly system while also concentrating on security to keep users, data, and assets safe. Security of our users' data & assets is always our top priority and we are focused on building an easy to use digital asset trading platform for everyone to enjoy.

Timeline: 04/03/2024 - 25/03/2024
Methodology: https://hackenio.cc/dApp_methodology

    Audit Summary

    Total: 9/10
    Security Score: 9/10
    Test Coverage: -
    Code Quality Score: -
    Documentation Quality Score: -

    Total Findings: 3
    Resolved: 2
    Accepted: 0
    Mitigated: 0

    The system users should acknowledge all the risks summed up in the risks section of the report.

    Document Information

    This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.

    The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.

    Document

    Name: Web Application Penetration Testing Report for XeggeX
    Audited By: Bogdan Bodisteanu
    Approved By: Stephen Ajayi
    Website: https://xeggex.com
    Changelog: 30/01/2024 - Preliminary Report
    System Overview

    Founded in 2021, XeggeX.com strives to provide its users with the best trading experience and give small and medium market cap assets a reliable trading hub. Our goal is to maintain a fast and user friendly system while also concentrating on security to keep users, data, and assets safe. Security of our users' data & assets is always our top priority and we are focused on building an easy to use digital asset trading platform for everyone to enjoy.

    Executive Summary

    Security score

    Upon auditing, the web application and API were found to contain 0 critical, 0 high, 2 medium, and 1 low severity issues, leading to a security score of 9 out of 10.

    All identified issues are detailed in the “Findings” section of this report.

    Summary

    The comprehensive audit of the customer web application and API yields an overall score of 9. This score reflects the combined evaluation of the project's security aspects.

    Findings

    Code | Title | Status | Severity
    F-2024-1546 | [31.220.88.229] - Open Metrics & Stats | fixed | Medium
    F-2024-1545 | [88.119.161.26] - Open Logs & Stats | fixed | Medium
    F-2024-1567 | [xeggex.com] - Content-Security-Policy Misconfiguration | unfixed | Low
    Appendix 1. Severity Definitions

    Critical: These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm.

    High: These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of the potential security breach.

    Medium: These issues present a moderate risk to the system and cannot have a great impact on its function. They should be addressed in a reasonable time frame, but may not require immediate attention.

    Low: These issues present no risk to the system and typically relate to the code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation.
    Appendix 2. Scope

    The scope of the project includes the following:

    Assets in Scope

    Main Web Application - Main Web Application
    API - API