We are glad to present our latest client, Sock—a cutting-edge, non-custodial investing application that empowers users with full control over their cryptocurrency assets. The platform is built upon the ERC-4337 smart contracts, ensuring a smooth account abstraction experience.
Our team at Hacken has meticulously audited Sock’s smart contracts, and we’re excited to share our findings.
Heads up: Sock has achieved an impressive audit score of 9.5 and a flawless security rating of 10/10.
Delving deeper into Sock, it’s more than just an investing app—it’s a fortress of self-custody. Its mission is to help you build wealth with crypto, safely. Compatible with iOS and Android, Sock is designed with the user’s privacy in mind, never requiring access to private keys. Transactions are executed exclusively on-chain via smart contracts. Sock uses account abstraction to provide best-in-class features like gas-less transactions and automated orders (stop loss and limit/take profit).
Furthermore, Sock resonates with Hacken CEO’s well-documented stance on memecoins by offering a carefully selected assortment of tokens with genuine utility.
Account abstraction is a leap forward from the traditional externally owned accounts (EOAs), and the ERC-4337 is at the forefront of this evolution. It heralds a new era of decentralization and gas abstraction without necessitating any changes to the consensus protocol, accommodating a wider range of signature schemes.
ERC-4337 is an ingenious solution that allows for the use of UserOperation objects, which Bundlers consolidate into single transactions on the Ethereum blockchain.
This standard has rapidly gained traction, with adoption by leading platforms such as Ethereum, Polygon, and Avalanche, among others. Now, Sock has also embraced ERC-4337, a move confirmed through Hacken’s comprehensive audit.
The aim of the audit was to provide Sock’s team with a rigorous external evaluation, verifying the integrity and compliance of their smart contracts with the ERC-4337 standard—an inaugural review for our team.
Language & Platform: Solidity; Ethereum Virtual Machine (EVM)
Contract Types: Staking, Factory, Proxy, ERC4337, Account Abstraction, Signatures
Audit Duration: 18 days
The audit was conducted by Hacken’s leading experts, David Camps Novi and Premyslaw Swiatowiec. It encompassed 10 contracts and 4 privileged roles, scrutinizing Sock’s trading platform’s ability to provide secure self-custody storage for cryptocurrencies. The platform’s architecture incorporates SockAccount for ERC-4337 transactions and SockOwnable for discrete access controls, facilitating efficient transaction management within the ecosystem.
The audit underwent two rounds of review, featuring constructive, direct dialogue between Sock developers and Hacken auditors. Initial findings were categorized as follows:
Before delving into specifics, we are pleased to report that all issues were rectified during the remediation phase.
Focusing on the most interesting issues, particularly those concerning ERC-4337 implementation:
A comprehensive list of all identified issues and their remediation is available on the Sock Audit Page.
After resolving all issues identified in the remediation stage, Sock was awarded an exemplary final score of 9.5. Kudos to the team for acting swiftly and decisively!
Documentation Quality: 10/10
Code Quality: 9/10
Test Coverage: 93.44%
Security Score: 10/10
Final Score: 9.5/10
“Central to our vision at Sock has been a true self-custodial experience that’s safe, secure, and as easy to use as anything found in traditional finance. ERC-4337 has given us the means to deliver on that vision, and the Hacken team has been essential to ensuring our implementation has lived up to both our own rigorous standards and those of the wider community. I deeply believe in their model of building long-term relationships with their clients, and think that ongoing product-security partnerships like Sock/Hacken are one of the keys to greatly expanding the adoption of self-custodial financial solutions.”
Chris Titterton, Head of Engineering, Sock
The Hacken audit confirms Sock’s compliance with ERC-4337 standards, establishing it as a secure, self-custodial trading platform with a pronounced commitment to utility tokens and decentralization. Sock’s notable audit score of 9.5/10 reflects its rigorous approach to account management and transaction security. Moreover, the audit process also expanded our knowledge of this emerging standard.
Subscribe to our newsletter
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.