Security Audit for Web App Dev Company
Featured Review
- Blockchain Cybersecurity
- $10,000 to $49,999
- Nov. - Dec. 2024
- Quality: 5.0
- Schedule: 5.0
- Cost: 5.0
- Willing to Refer: 5.0
"They had exceptional professionalism and responsiveness from day one."
- Financial services
- Cayman Islands
- 1-10 Employees
- Online Review
- Verified
Hacken conducted a comprehensive smart contract security audit for a blockchain app development company. The scope included a code review, vulnerability assessment, and protocol architecture review.
Hacken's work resulted in the identification and resolution of eight findings, six of which were medium-severity issues. The team completed over 100,000 fuzz test runs, improved code quality, and delivered comprehensive documentation. Moreover, they demonstrated excellent project management.
The client submitted this review online.
BACKGROUND
Please describe your company and position.
I am the Project Lead of Aegis.im.
Describe what your company does in a single sentence.
Aegis.im develops web applications on the Ethereum blockchain, enabling users to manage YUSD—a delta-neutral stablecoin with real-time transparency, built-in yield generation, and independence from the fiat banking system.
OPPORTUNITY / CHALLENGE
What specific goals or objectives did you hire Hacken to accomplish?
- Security Audit
SOLUTION
How did you find Hacken?
Online Search
Why did you select Hacken over others?
- High ratings
- Great culture fit
- Good value for cost
How many teammates from Hacken were assigned to this project?
6-10 Employees
Describe the scope of work in detail. Please include a summary of key deliverables.
Hacken performed a comprehensive smart contract security audit of our stablecoin protocol. From our very first interaction, the team demonstrated exceptional professionalism, offering not only the most competitive terms in the market but also outstanding service quality and expertise.
The scope of work included:
- Complete code review and security analysis of 14 smart contracts, including core protocol contracts (AegisMinting, AegisConfig, AegisOracle, AegisRewards) and supporting contracts
- Thorough vulnerability assessment identifying 8 total findings (6 medium severity, 2 low severity issues)
- Verification of system invariants through extensive fuzz-testing (100k+ test runs)
- Review of protocol architecture and documentation
- Assessment of potential security risks and centralization concerns
- Detailed recommendations for security improvements and best practices
Their team's approach stood out for several reasons:
- They had exceptional professionalism and responsiveness from day one.
- Market-leading terms and pricing
- Clear and consistent communication throughout the process
- Deep technical expertise and thorough methodology
- Comprehensive support during the remediation process
Key deliverables included:
- Comprehensive initial audit report
- Technical assessment of vulnerability fixes
- Final audit report with detailed findings and recommendations
- Verification of system invariants and security properties
- Additional security enhancement suggestions
The team demonstrated strong technical expertise in DeFi protocols and stablecoin systems specifically. Their thorough methodology, competitive pricing, and superior service quality made them the ideal choice for our security audit needs. The entire process was smooth and efficient, reflecting their commitment to excellence in both technical execution and client service.
RESULTS & FEEDBACK
What were the measurable outcomes from the project that demonstrate progress or success?
The audit produced several clear, measurable outcomes that demonstrated success:
1. Security Assessment Results:
- Identified and resolved 8 total findings
- Successfully fixed 7 vulnerabilities
- Zero critical or high-severity issues found
- All medium-severity issues (6) were addressed
- All low-severity issues (2) were remediated
2. Testing Coverage:
- Completed 100,000+ fuzz test runs
- Verified 2 critical system invariants
- Achieved 100% success rate on core functionality tests
- Successfully tested protocol behavior with both 6 and 18-decimal point collateral tokens
3. Code Quality Improvements:
- Implemented safer signature verification mechanisms
- Enhanced Oracle price validation
- Improved precision handling in mathematical operations
- Strengthened access control mechanisms
- Added blacklisting functionality for regulatory compliance
4. Documentation and Architecture:
- Comprehensive security report delivered
- Detailed technical documentation provided
- Clear remediation guidelines for all findings
- Complete architecture review completed
These outcomes significantly improved our protocol's security and reliability, preparing it for safe deployment.
Describe their project management. Did they deliver items on time? How did they respond to your needs?
Hacken demonstrated excellent project management throughout the audit process. The team maintained a highly structured and professional approach from start to finish:
Timeline Management:
- Delivered a preliminary report on December 4, 2024
- Completed the final report on schedule by December 13, 2024
- Maintained consistent communication throughout the audit period
Responsiveness to Needs:
- Provided comprehensive support during the vulnerability remediation process
- Thoroughly reviewed and verified our fixes
- Clear and prompt communication about findings and recommendations
- Demonstrated flexibility in addressing our specific protocol requirements
- Went above and beyond by providing additional security enhancement suggestions
The audit team, led by Grzegorz and Ataberk, with approval from Przemyslaw, showed strong technical expertise and responsiveness. They methodically worked through complex protocol aspects, providing detailed explanations and practical solutions for each identified issue.
Their step-by-step approach to issue resolution and verification ensured that we could implement fixes effectively while maintaining our development timeline. The team was particularly helpful in providing guidance on best practices and suggesting improvements beyond just identifying vulnerabilities.
What was your primary form of communication with Hacken?
Virtual Meeting
What did you find most impressive or unique about this company?
Hacken proved to be perfect in every detail - from communication to documentation to the technical execution itself. Everything was meticulously prepared and delivered at the highest professional level.
Their technical work demonstrated:
- Comprehensive and thorough security assessment methodology
- Deep expertise in DeFi protocols and stablecoin architecture
- Rigorous testing with 100,000+ fuzz test runs
- Detailed, actionable recommendations for all findings
Their documentation was exemplary:
- Clear, structured audit reports
- Well-organized technical findings
- Comprehensive remediation guidelines
- Thoughtful architectural recommendations
Most impressively, their communication and service were flawless:
- Clear and responsive from first contact
- Consistent professional engagement throughout the project
- Excellent project management and timeline adherence
- Proactive updates and status reporting
- Collaborative approach to issue resolution
Everything was meticulously prepared and delivered at the highest professional level. Hacken exceeded expectations in every aspect of the engagement.
Their technical expertise and attention to detail resulted in thorough security assessment and valuable recommendations for our protocol.
The value received significantly exceeded the cost, considering the depth of analysis, quality of deliverables, and level of expertise provided.
Maintained consistent progress updates and completed all work phases on schedule while ensuring thorough analysis.
Are there any areas for improvement or something Hacken could have done differently?
I have no suggestions for improvement - Hacken delivered even more than I expected. Their performance exceeded our expectations in every aspect of the audit engagement. The level of professionalism, technical expertise, and attention to detail were truly exceptional, and they went above and beyond what was initially outlined in the scope of work.
Not only did they complete everything perfectly within the agreed scope, but they also provided additional valuable insights and recommendations that enhanced our protocol's security even further. It's rare to find a service provider that consistently exceeds expectations, but Hacken managed to do precisely that.
RATINGS
- Quality: 5.0 (Service & Deliverables)
"Exceptional quality across all deliverables. The audit report was comprehensive, well-structured, and provided clear, actionable insights."
- Schedule: 5.0 (On time / deadlines)
"Perfect timeline execution with preliminary report delivered on December 4 and final report on December 13 as planned."
- Cost: 5.0 (Value / within estimates)
"Hacken offered the most competitive terms in the market while delivering premium quality service."
- Willing to Refer: 5.0 (NPS)