Head of Smart Contracts Audits Department
Audit the off-chain part of your decentralized app to ensure safe and secure blockchain interaction.
A decentralized application (dApp) is an off-chain component of the system. It is the most overlooked part of the Web3 ecosystem when it comes to security. A dApp audit helps projects create and maintain secure integrations with blockchains and protect assets and reputation.
A security audit is not an additional expense. It actually reduces costs by preventing hacks and leaks from happening.
Do not neglect your decentralized application's security; it is as crucial as your smart contracts' security.
Secure the whole system and give users the highest level of security possible.
Secure wallets that directly or indirectly manage user private keys, sign and send transactions.
Protect off-chain bridge oracles from frequent hacks that lead to asset loss.
Well, almost everything. Secure any application that sends or signs transactions, stores private keys or seed phrases, reacts to blockchain events, indexes blockchain data, or uses message signing for authentication.
Fill out the form to get a quote and book our certified specialists
Line-by-line review, overview of all found issues, dApp scoring, and detailed recommendations.
A breakdown of the full dApp audit price with no hidden fees.
Auditors with a proven record of reviewing decentralized applications.
Trusted by leading blockchain organizations and major Web3 projects.
Credible auditor with public industry-recognized leaders.
A truly caring team with a focus on client outcomes.
You submit the request along with the required documentation, and our specialists advise you on the dApp audit price, scope, and timeline.
Hacken conducts the dApp audit and provides a report containing the detected vulnerabilities and recommendations for fixing them.
You introduce bug fixes and get a remediation check (1 check is covered) to ensure that all changes are correct.
Your dApp is secure. You receive the Proofed by Hacken label and a promotion package from Hacken.
Head of Smart Contracts Audits Department
"We have already seen a number of preventable hacks that led to millions lost. It is not enough to audit just the smart contracts - the system is only as secure as its weakest component. By doing the dApp audit with us, you can ensure that the off-chain components will not become that weakest point."
Hacken dApp audit methodology
The Hacken dApp Audit methodology was created as an answer to the security concerns of the Web3 ecosystem. It describes a 4-stage process that includes an automated tools scan and a line-by-line source code review. Our security engineers follow best practices and the latest security developments to ensure the highest quality of review. We encourage our customers to review our methodology and discuss any concerns and suggestions.
Upon completing the dApp security audit, you will become Proofed by Hacken, gaining the ultimate proof of the security of your dApp.
If your project meets Hacken’s partnership requirements, we will offer you an extended service package including marketing activities.
System overview and executive summary
A numerical score based on 4 parameters: security, documentation quality, code quality, architecture quality
Overview of every found issue with client-friendly recommendations on how to fix them
Years of Expertise
Clients from CMC TOP-300
A dApp (Decentralized Application) is an application that interacts with a blockchain in one form or another (e.g. calls or reads from Smart Contracts, blockchain indexing, etc.). Usually, it helps achieve something that is not possible with Smart Contracts alone (such as randomness), or indexes information that is not easily accessible through the blockchain directly (transaction history, custom Smart Contract events, etc.).
Ensure secure blockchain interaction with a dApp audit. dApps, such as wallets and cross-chain bridges, are connected to the blockchain. Most projects only audit smart contracts, paying no attention to off-chain vulnerabilities. Hacken’s dApp audit is the best available choice for projects that want a high level of security. Focused on off-chain code review, our dApp audit prevents the leakage of a private key and ensures a secure interaction of your dApp with the protocol.
A dApp is not a Smart Contract. It is a normal application (a client, something you can see with your eyes and interact with, or a server, something that is hidden behind the UI) that interacts with one or several blockchains. It is not deployed on the blockchain; it is deployed like a regular Web 2.0 application, and its logic can be changed in the future after deployment.
dApps use smart contracts to authorize transactions and interact with the blockchain. Smart contract code is not the only code of a dApp. dApps also have off-chain code that doesn’t interact with the blockchain. This off-chain code is the target of the dApp audit.
dApps are deployed on the blockchain and use smart contracts for app logic. Smart contracts are digital contracts that automatically execute transactions once predetermined conditions are met.
The most common issues a dApp audit looks for are excessive trust in a node (or node provider), failure to account for blockchain branching, incorrect validation of ENS records, weak authentication via message signing, unsafe private key storage, XSS/SQL injection from blockchain data, misuse of checksum addresses, blockchain data inconsistency, incorrect integration with a smart contract and/or blockchain platform, usage of wrong data types, problems with application architecture, repository consistency, and code style consistency, and deprecated, vulnerable, or outdated Web3 libraries.
Deploying a dApp to the blockchain is different from traditional app development because making any changes afterwards is difficult. Therefore, it’s vital to ensure security and the absence of any bugs before the launch. The practices for improving dApp security are a smart contract audit for the on-chain code and a dApp audit for the off-chain code.
The dApp security audit performed by Hacken experts covers both the back-end and front-end of the decentralized app. A comprehensive dApp audit by a team of professionals will help protect your financial interests by identifying and removing all vulnerabilities and exploits.
dApp Audit by Hacken will help your project expand the possibilities of decentralized networks in finance, arts & collectibles, gaming and technology, and other segments. With a dApp audit, you can ensure that all blockchain superpowers, such as built-in payments, secure on-chain data, and user credentials, work as intended.
We encourage projects to use their internal resources to review their dApps. Internal audits can identify vulnerabilities. However, there is extra value in a professional dApp audit. A third-party auditing team offers an external perspective. This is the only way to receive an authoritative opinion and informed recommendations on your code from the outside. On top of that, the internal team may lack the necessary expertise or time to review the dApp comprehensively. External audit firms have teams specializing in security research and dApp vulnerability assessment.
Hacken specialists will provide you with a report containing step-by-step client-friendly recommendations on how to eliminate detected issues.
The duration of a dApp contract audit varies depending on the audit scope and complexity. Generally, the audit duration is specified before the process starts so that a customer is aware of each stage in the process.