At Vield, protecting our users' assets and data is not just a priority—it’s a core principle. To uphold this standard, we partnered with Hashlock—an industry leading authority in blockchain and Web3 security audits, to perform an in-depth penetration test on our platform.
This comprehensive evaluation reinforces our commitment to providing a secure environment for our users to access crypto loans and utilise our innovative non-custodial crypto debit card.
Detailed Overview of the Hashlock Security Audit
Hashlock’s security experts undertook a systematic assessment of our platform, scrutinising our codebase, dependencies, and architecture. Here’s a closer look at the results:
1. Security Rating
Our codebase was rated as highly secure, reflecting its adherence to industry best practices and clear logical structure. The "Hashlocked" rating further acknowledges Vield’s use of proactive monitoring mechanisms and our commitment to future bug bounty programs.
2. Enhanced Security and Optimised Components
At Vield, we continually strive to strengthen our platform's security and ensure optimal functionality across all systems. Hashlock’s audit provided valuable insights that have helped us further refine and enhance several key components:
- Two-Factor Authentication (2FA) Privacy
Our backend API for 2FA has been optimised with advanced privacy protocols to safeguard sensitive authentication details, ensuring even greater protection for user accounts. - File Upload Controls
We’ve implemented stringent file-type whitelisting measures to ensure only approved file types are accepted, reinforcing system integrity and eliminating potential risks. - Phone Number Verification
Our system now employs enhanced server-side country code validation to align with front-end restrictions, ensuring seamless and consistent functionality across all platforms. - Code Quality Assurance
The audit confirmed our commitment to clean, well-documented code, with NatSpec-style comments that enhance clarity, traceability, and streamlined development processes. - Dependency Security
Vield utilises trusted, industry-standard open-source libraries, providing a reliable and secure foundation for platform operations. These libraries have been rigorously assessed and integrated for optimal performance and safety.
3. Comprehensive Testing Methodology
Hashlock employed a multi-layered testing approach, combining manual code reviews, automated tools, and interaction testing to simulate real-world threat scenarios. This exhaustive process included:
- Manual Code Review
Each line of code was assessed for logic errors, cryptographic vulnerabilities, and potential flaws in error handling. - User Interaction Simulations
Testing scenarios mimicked potential user behaviours to identify weak points in system interfaces and backend interactions. - Threat Modelling
The team evaluated attack surfaces and dependencies to develop an extensive security posture analysis.
4. Continuous Improvement and Security Vigilance
Passing Hashlock’s penetration test is a milestone, but security is our top priority. Vield is committed to maintaining the highest standards of protection by:
- Implementing continuous on-chain monitoring and alert systems.
- Regularly updating and optimising code to address emerging threats.
Trusted Infrastructure for Crypto-Backed Solutions
Vield's partnership with Hashlock reinforces our dedication to building a secure, user-centric platform. Whether you’re using our crypto-backed loan service or our non-custodial debit card, you can trust that every interaction on our platform is underpinned by rigorous security measures.
By combining innovation with diligence, we empower users to embrace decentralised finance without compromising on safety and security.
Access the full penetration testing report by Hashlock.
