Hacken & KuCoin: pentests and bug bounties as CEXs’ keys to users’ trust
In May 2021, KuCoin reached Hacken to order Penetration Testing, later they ordered Bug Bounty
Hacken is launching a monitoring tool. Get details and join our beta program
In May 2022, Hacken performed a smart contract audit of HeadStarter. HeadStarter is the project accelerator and launchpad of the Hedera Hashgraph ecosystem. Its mission is to connect the best early-stage Hedera Hashgraph projects with community & decentralized funding. Hacken performs smart contract audits for Hedera Hashgraph. In fact, HeadStarter marked Hacken’s first audit for Hedera.
Solution: Smart Contract Audit
Audit Result: 10/10 score, excellent
Timeline: 13 May 2022 – 23 May 2022
Hacken auditors reviewed and analyzed HeadStarter’s smart contracts for the functionality of staking and vesting. It took 20 days to complete the procedure in two stages: (1) the initial review and (2) the remediation check.
HeadStarter – is a pool/vesting system with the following contracts and a brief description of their purpose:
Based on these functions, the owner has the following privileged roles:
All these contracts are designed specifically for Hedera.
First things first, we found no critical issues. Critical issues are usually straightforward to exploit and can lead to asset loss or data manipulations. We also didn’t find any high-severity issues.
We found three high-severity issues, all of which our client fixed. High-severity issues are difficult to exploit but significantly impact smart contract execution.
There was one medium issue in VestingPool.sol contract. In perspective, medium-level vulnerabilities, such as requirements non-compliance, cannot lead to asset loss or data manipulations. In this case, there was a typo in the error message “Invalid inter[n]al.” The client fixed it.
Low-level vulnerabilities cannot have a significant impact on execution. We found seven issues: Typo in documentation, floating pragma, outdated compiler version, style guide violation, requirements incompliance, and the confusing function name.
HeadStarter’s audit deserves special attention. After all, It’s our first audit of a project operating on the Hedera platform. Hedera is an enterprise-grade public network. It uses the native energy-efficient cryptocurrency HBAR. Speed, fairness, and security are the critical characteristics of Hedera. Developers can connect to Hedera in the languages they know best such as Solidity, Java, and Go.
Key characteristics of Hedera network:
Hedera is the proof-of-stake network and relies on the hashgraph consensus. In short, hashgraph agreement is similar to a “gossip protocol.” Once a node in the chain receives new data, it randomly selects another node on the network and shares this unique piece of information. The next informed node also sets the next node randomly. The process repeats until all nodes on the network have the new data. As a result, Hashgraph is faster, cheaper, and scalable. A typical validation time is a mere 3-5 sec. The processing capacity on the Hashgraph network is over 10,000 transactions per second, which is virtually unattainable for mainstream blockchains.
Our client Headstarter chose Hacken for auditing their staking and vesting contracts. Request a quote now if you want to get a professional code review and analysis of your Hedera-based project by a trusted auditor.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email