• Hacken
  • Blog
  • Case Studies
  • Ensuring the Security of Soul-Bound Tokens in Soul Society

Ensuring the Security of Soul-Bound Tokens in Soul Society

3 minutes

By Malanii Oleh

Soul Society, a Web3 social service and our latest client, has recently embraced the innovative concept of Growth-Type Soul-Bound Tokens (SBTs). These tokens are a unique blend of technology and user engagement, allowing people to participate in various activities and acquire rewards and SBTs that define their digital identities. Each user can own multiple SBTs, which are visible publicly and can be integrated into third-party services​​.

Hacken’s thorough audit of Soul Society’s smart contract resulted in a remarkable final score of 10 out of 10. This case study examines our team’s audit approach, key findings, and the impact of our analysis on the platform’s security and dynamism.

Audit Overview

Soul Society has approached Hacken requesting a comprehensive Smart Contract Code Review and Security Analysis. The primary objective of this audit was to scrutinize the security aspects of the client’s contracts to ensure the robustness and reliability of their Growth-Type SBT protocol​​.

The audit team comprised our experts in Solidity and EVM auditing, including Viktor Lavrenenko as the Smart Contract Auditor, David Camps Novi as the Smart Contract Audits Lead, and Paul Fomichov overseeing the process as the Smart Contract Audits Approver.

Our auditors tested and reviewed the following contracts:

  • SoulSocietySBT: a custom SBT contract that can mint, burn and grow SBTs.
  • HonToken: an ERC20 custom token contract that can mint and burn HON Tokens and transfer ownership.

We identified several issues threatening the system and recommended fixes. The Soul Society developers promptly solved all of them during the remediation phase.

High-Severity Issues:

  1. Requirements Violation: The supply of HON tokens was found to be unlimited, contrary to standard practices.
  2. Token Burn Non-Compliance: The process for burning tokens did not align with the ERC721 standard, leading to data inconsistencies.
  3. Excessive Permissions: An overly permissive role allowed the owner to burn tokens from users without consent or prior notice​​.

Medium-Severity Issues:

  1. Missing Safety Checks: The absence of safety checks for Non-External Owned Account (EOA) receivers of tokens could result in locked tokens.
  2. Centralized Growth System: The growth level update lacked user approval, leading to a highly centralized growth mechanism​​.

Lower Severity Issues

Issues like floating pragma, missing events for critical value updates, missing URI length checks, and inefficient code in the setProtected() function were also noted​​.

See the complete audit report for a detailed account of all findings and recommendations.

Security Score and Improvements

In addition to the specific security concerns addressed, the overall quality of Soul Society’s smart contract was found to be exceptionally high – 10 out of 10. The audit revealed:

  • Documentation Quality: The documentation quality scored a perfect 10 out of 10. It included comprehensive functional requirements such as a clear description of contract purposes, detailed project features, business logic, and use cases. The technical description was complete, with all necessary environment configurations provided.
  • Code Quality: Similarly, the code quality was also rated 10 out of 10. The development environment was well-configured, and best practices in smart contract development were duly followed.
  • Test Coverage: Although the code coverage of the project was 0%, given the project’s size with less than 250 Lines of Code, this level of test coverage was deemed acceptable and did not affect the final score.
  • Security Score: Post-audit, the code contained no issues, earning a security score of 10 out of 10. This exemplary score underscores the robustness and reliability of the smart contracts used by Soul Society.


The audit of Soul Society’s smart contracts was a critical step in enhancing the security and efficiency of their Growth-Type SBTs protocol. The identification and subsequent resolution of these issues not only fortified the protocol against potential vulnerabilities but also aligned its practices with industry standards. Implementing recommended changes has significantly improved Soul Society’s smart contracts, ensuring a more secure and user-centric experience.

This case study exemplifies the necessity of rigorous smart contract audits in the dangerous Web3, especially for innovative concepts. By proactively addressing these security concerns, Soul Society has set a precedent in the Web3 community for operational excellence and commitment to user safety.

to our newsletter

Be the first to receive our latest company updates, Web3 security insights, and exclusive content curated for the blockchain enthusiast.в

Speaker Img

Table of contents

  • Audit Overview
  • Security Score and Improvements
  • Conclusions

Tell us about your project

Follow Us

Read next:

More related
  • Blog image
    Ensuring the Integrity of VeChain’s Account Abstraction Layer: A Case Study

    2 min read

    Case Studies

  • Blog image
  • Blog image
More related →

Trusted Web3 Security Partner