Hacken now offers a new service – dApp Audit – to provide even more security to Web3 projects. dApp Audit by Hacken means a comprehensive code review and analysis of the off-chain part of the decentralized app to ensure safe and secure blockchain interaction.
dApp is not a smart contract; securing it requires a different approach
Our market research revealed a lack of comprehensive security solutions specifically for decentralized apps. When talking about dApp audits, other cybersecurity companies and projects think about smart contracts. While it’s undoubtedly true that dApps interact with smart contracts, a dApp is not a smart contract. In other words, all dApp audits available on the market are concerned with smart contracts rather than the actual apps. We already have a solution for smart contract security – Smart Contract Audit. But there’s no security solution for the app itself. As a result, the off-chain component remains the most overlooked part of the Web3 ecosystem in terms of security.
Hacken is the first to develop an audit methodology for off-chain infrastructure interacting with the blockchain. We are also the first to ship it as a service.
A dApp (Decentralized Application) is an application that interacts with a blockchain in one form or another (e.g., calls or reads from Smart Contracts, blockchain indexing, etc.). Usually, it helps achieve something that is not possible with just Smart Contracts (such as randomness) or indexes information that is not easily accessible through the blockchain directly (transaction history, custom Smart Contract events, etc.).
dApp – an app that interacts with blockchain
A dApp is a regular application: either a client (something you can see and interact with) or a server (something hidden behind the UI). The only difference is that it interacts with one or several blockchains. It is not deployed on the blockchain; it is deployed like a regular Web 2.0 application. Developers can change the logic after deployment. The dApp code can be written in any programming language. Most use Java, Python, JavaScript, C#, and Rust.
The off-chain component is the weakest point and needs attention
Most projects audit only their smart contracts, paying little attention to off-chain vulnerabilities. As a result, the decentralized application (dApp) is the most overlooked part of the Web3 ecosystem in terms of security. A dApp audit targeted at the off-chain component helps projects create and maintain secure integrations with blockchains.
“It is not enough to audit just the smart contracts – the system is only as secure as its weakest component. By doing the dApp audit with us, you can ensure that the off-chain components will not become that weakest point.”
Yehvenii Bezuhlyi, Head of Smart Contracts Audits Department
According to DefiLlama, there have been more than 30 high-profile dApp exploits for approximately $1.5 billion in total damages. These include a few dApp hacks where losses exceeded $100 million. dApps face inherently different threats than smart contracts. The most common dApp vulnerabilities are
If exploited, these vulnerabilities may lead to private key loss or a data breach.
Wallets & Cross-Chain Bridges
In general, any app that sends or signs transactions, stores private keys or seed phrases, reacts to blockchain events, indexes blockchain data, or uses message signing for authentication will benefit from a dApp audit. For example, 100% of all wallets and cross-chain bridges require dApp audits.
dApp Audit by Hacken is an integral security measure to protect assets and reputation. Combined with Smart Contract Audit and Penetration Testing, dApp Audit will help projects secure the off-chain component, avoid costly errors, and increase community trust.