The case of Jungle confirms Hacken’s deep expertise in dealing with NFT projects. Our cybersecurity approach to NFT projects originates from their distinct needs and business context. Most NFT marketplaces have the following key business requirements:
We know what NFT businesses need. We know the most common and the most complex attack vectors. That’s why Hacken’s cybersecurity services are so effective.
Our client Jungle is an NFT marketplace where people collect, sell, or create NFTs on the Ethereum blockchain. Jungle’s mission is to pioneer the future of crypto art by empowering artists to find success in the digital era – free from fake NFTs. Jungle positions itself as the marketplace for authentic NFTs only, where people get rewarded for trading.
Jungle’s primary offering is providing a safe and secure NFT platform
Jungle requested Hacken’s services as they wanted to achieve robust security for their entire NFT marketplace. In their business of digital art collectibles the word “safety” means the following:
According to Kamron Yazdani, Director of Marketing at Jungle, “Our sole focus as a brand is to provide the most optimal user experience. At the core of that is safety and security. The product cannot be viable without a secure platform.”
Secure transactions and wallet integration are vital for Jungle
Jungle works with MoonPay and supports MetaMask, WalletConnect, Coinbase Wallet, Fortmatic, and TrustWallet. Their goal is to make payments easy, quick, and secure. At Hacken, we understand these needs and integrate them into our offerings.
How did the partnership with Hacken begin? According to Kamron Yazdani, Director of Marketing at Jungle, Hacken had been on the radar of their technical team for quite some time. Jungle’s CTO evaluated us against other top-notch auditors. In the end, Hacken’s reputation for delivering robust 360-degree security convinced Jungle’s team to move forward with us. The three criteria that helped Hacken strike a deal with Jungle:
In May 2022, Jungle requested our bug bounty and pentesting services. Launching a bug bounty program is an effective approach for rising NFT marketplaces to stay secure:
For their program, Jungle chose HackenProof and received all the benefits of working with the industry leader in bug bounties:
Their team cited HackenProof’s Full Triage service, which other companies don’t provide, as one of the reasons for choosing us.
Currently, HackenProof is running two programs for Jungle, including Smart Contract Bounty with a record-high max bounty of $1 million. Jungle is looking for evidence and reasons for the incorrect behavior of the smart contract, which could cause unintended functionality and lead to the most common smart contract vulnerabilities.
| Bug Bounty Name | Jungle Web Bounty | Jungle Smart Contract |
|---|---|---|
| Timeline | 08 Nov 2022 – ∞ | 08 Nov 2022 – ∞ |
| In-scope vulnerabilities | Business logic issues and payments manipulation; Remote code execution (RCE); Injection vulnerabilities (SQL, XXE); File inclusions (Local & Remote); Access Control Issues (IDOR, Privilege Escalation, etc.); Leakage of sensitive information; Server-Side Request Forgery (SSRF); Cross-Site Request Forgery (CSRF); Cross-Site Scripting (XSS); Directory traversal | Stealing or loss of funds; Attacks on logic (behavior of the code is different from the business description); Over and underflows |
Jungle’s decision to go with a bug bounty is a winning strategy for the marketplace’s security. HackenProof gives them continuous bug detection where they only pay for proven, in-scope bugs. It also engages their growing community by giving anyone a chance to detect bugs and earn rewards for their important contributions.
In addition to bug bounty programs, Jungle requested Penetration Testing from Hacken. Hacken’s Penetration Testing offers an accurate and comprehensive assessment of risks. For Jungle, this is the best way to proactively identify complex, multi-vector vulnerabilities in their Web app based on exploitation risks. Hacken performs testing in a simulated environment, so there is no harm to the client’s systems.
Jungle’s cooperation with Hacken started with bug bounties and pentests. But it doesn’t stop there. The client is now requesting auditing services for their smart contracts. Kamron Yazdani provided a few insights into how Jungle chose Hacken, “Hacken’s bug bounty program was one of the reasons we proceeded with audits.”
With a record-high bug bounty program, comprehensive penetration testing as a service, and effective smart contract audits, Jungle is about to experience the full power of 360-degree security. This Web3 cybersecurity “full house” proves Jungle’s unchallenged commitment to creating the safest NFT marketplace.