🇺🇦 Hacken was born in Ukraine, and we stand with all Ukrainians in our fight for freedom!


Announcing new Hacken service – dApp Audit! 


Published: 19 Oct 2022 Updated: 24 Oct 2022

Hacken now offers a new service – dApp Audit – to provide even more security to Web3 projects. dApp Audit by Hacken means a comprehensive code review and analysis of the off-chain part of the decentralized app to ensure safe and secure blockchain interaction. 

What’s unique about dApp Audit by Hacken?

dApp is not a smart contract; securing it requires a different approach

Our market research revealed a lack of comprehensive security solutions specifically for decentralized apps. When talking about dApp audits, other cybersecurity companies and projects think about smart contracts. While it’s undoubtedly true that dApps interact with smart contracts, a dApp is not a smart contract. In other words, all dApp audits available on the market are concerned with smart contracts rather than actual apps. We already have a solution for smart contract security – Smart Contract Audit. But there’s no security solution for the app itself. As a result, the off-chain component remains the most overlooked part of the Web3 ecosystem in terms of security.

Hacken is the first to develop an audit methodology for off-chain infrastructure interacting with the blockchain. We are also the first to ship it as a service.

What is dApp?

A dApp (Decentralized Application) is an application that interacts with a blockchain in one form or another (e.g., calls or reads from Smart Contracts, blockchain indexing, etc.). Usually, it helps achieve something that is not possible with Smart Contracts alone (like randomness) or indexes information that is not easily accessible through the blockchain directly (transaction history, custom Smart Contract events, etc.).

dApp – an app that interacts with blockchain

A dApp is a regular application (client – something you can see with your eyes and interact with, or server – something hidden behind the UI). The only difference is its interaction with one or several blockchains. It is not deployed on the blockchain. It is deployed like a regular Web 2.0 application. Developers can change the logic in the future after the deployment. The dApp code can be written in any programming language. Most use Java, Python, JavaScript, C#, and Rust.

Why audit dApp?

The off-chain component is the weakest point and needs attention

Most projects only audit smart contracts, paying little attention to off-chain vulnerabilities. As a result, a decentralized application (dApp) is the most overlooked part of the Web3 ecosystem in terms of security. A dApp audit targeted at the off-chain component helps projects create and maintain secure integrations with blockchains.

“It is not enough to audit just the smart contracts – the system is only as secure as its weakest component. By doing the dApp audit with us, you can ensure that the off-chain components will not become that weakest point.”

Yehvenii Bezuhlyi, Head of Smart Contracts Audits Department

According to DefiLlama, there have been more than 30 high-profile dApp exploits for approximately $1.5 billion in total damages. These include a few dApp hacks where losses exceeded $100 million. dApps face inherently different threats than smart contracts. The most common dApp vulnerabilities are:

  • overconfidence in a node (or node provider);
  • failure to account for blockchain branching out;
  • incorrect validation of ENS records;
  • weak authentication via message signing;
  • unsafe private key storage;
  • XSS/SQL injections from the blockchain data;
  • misuse of checksum addresses;
  • blockchain data inconsistency;
  • incorrect integration with a smart contract and/or blockchain platform, usage of wrong data types, application architecture, repository consistency, code style consistency;
  • deprecated, vulnerable, or outdated Web3 libraries.

If exploited, these vulnerabilities may lead to a private key loss or data breach.

What projects need dApp audits?

Wallets & Cross-Chain Bridges

In general, any app that sends or signs transactions, stores private keys or seed phrases, reacts to blockchain events, indexes blockchain data, or uses message signing for authentication will benefit from a dApp audit. For example, 100% of all wallets and cross-chain bridges require dApp audits.

dApp Audit by Hacken is an integral security measure to protect assets and reputation. Combined with Smart Contract Audit and Penetration Testing, dApp Audit will help projects secure the off-chain component, avoid costly errors, and increase community trust.
