Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Ensuring the Security of Soul-Bound Tokens in Soul Society

Ensuring the Security of Soul-Bound Tokens in Soul Society

Share via:

Soul Society, a Web3 social service and our latest client, has recently embraced the innovative concept of Growth-Type Soul-Bound Tokens (SBTs). These tokens are a unique blend of technology and user engagement, allowing people to participate in various activities and acquire rewards and SBTs that define their digital identities. Each user can own multiple SBTs, which are visible publicly and can be integrated into third-party services.

Hacken’s thorough audit of Soul Society’s smart contract resulted in a remarkable final score of 10 out of 10. This case study examines our team’s audit approach, key findings, and the impact of our analysis on the platform’s security and dynamism.

Audit Overview

Soul Society has approached Hacken requesting a comprehensive Smart Contract Code Review and Security Analysis. The primary objective of this audit was to scrutinize the security aspects of the client’s contracts to ensure the robustness and reliability of their Growth-Type SBT protocol.

The audit team comprised our experts in Solidity and EVM auditing, including Viktor Lavrenenko as the Smart Contract Auditor, David Camps Novi as the Smart Contract Audits Lead, and Paul Fomichov overseeing the process as the Smart Contract Audits Approver.

Our auditors tested and reviewed the following contracts:

SoulSocietySBT: a custom SBT contract that can mint, burn and grow SBTs.
HonToken: an ERC20 custom token contract that can mint and burn HON Tokens and transfer ownership.

We identified several issues threatening the system and recommended fixes. The Soul Society developers promptly solved all of them during the remediation phase.

High-Severity Issues:

Requirements Violation: The supply of HON tokens was found to be unlimited, contrary to standard practices.
Token Burn Non-Compliance: The process for burning tokens did not align with the ERC721 standard, leading to data inconsistencies.
Excessive Permissions: An overly permissive role allowed the owner to burn tokens from users without consent or prior notice.

Medium-Severity Issues:

Missing Safety Checks: The absence of safety checks for Non-External Owned Account (EOA) receivers of tokens could result in locked tokens.
Centralized Growth System: The growth level update lacked user approval, leading to a highly centralized growth mechanism.

Lower Severity Issues

Issues like floating pragma, missing events for critical value updates, missing URI length checks, and inefficient code in the setProtected() function were also noted.

See the complete audit report for a detailed account of all findings and recommendations.

Security Score and Improvements

In addition to the specific security concerns addressed, the overall quality of Soul Society’s smart contract was found to be exceptionally high – 10 out of 10. The audit revealed:

Documentation Quality: The documentation quality scored a perfect 10 out of 10. It included comprehensive functional requirements such as a clear description of contract purposes, detailed project features, business logic, and use cases. The technical description was complete, with all necessary environment configurations provided.
Code Quality: Similarly, the code quality was also rated 10 out of 10. The development environment was well-configured, and best practices in smart contract development were duly followed.
Test Coverage: Although the code coverage of the project was 0%, given the project’s size with less than 250 Lines of Code, this level of test coverage was deemed acceptable and did not affect the final score.
Security Score: Post-audit, the code contained no issues, earning a security score of 10 out of 10. This exemplary score underscores the robustness and reliability of the smart contracts used by Soul Society.

Conclusions

The audit of Soul Society’s smart contracts was a critical step in enhancing the security and efficiency of their Growth-Type SBTs protocol. The identification and subsequent resolution of these issues not only fortified the protocol against potential vulnerabilities but also aligned its practices with industry standards. Implementing recommended changes has significantly improved Soul Society’s smart contracts, ensuring a more secure and user-centric experience.

This case study exemplifies the necessity of rigorous smart contract audits in the dangerous Web3, especially for innovative concepts. By proactively addressing these security concerns, Soul Society has set a precedent in the Web3 community for operational excellence and commitment to user safety.