Solana-Launchpad-Assessment - Blockstreet

1. Introduction

Blockstreet engaged Halborn to conduct a security assessment on their Blockstreet Launchpad program beginning on August 28, 2025 and ending on September 26, 2025. The security assessment was scoped to the smart contracts provided in the GitHub repository Blockstreet-Launchpad, commit hashes, and further details can be found in the Scope section of this report.

The Blockstreet team is releasing a new version their Blockstreet Launchpad Solana program. This program is a decentralized fundraising platform that enables crypto projects to raise capital through token sales by creating fundraising pools where investors can contribute funds in exchange for project tokens, featuring staking systems, fee collection mechanisms, and pool lifecycle management.

2. Assessment Summary

Halborn was provided 22 business days for the engagement and assigned one full-time security engineer to review the security of the Solana Programs in scope. The engineer is a blockchain and smart contract security expert with advanced smart contract hacking skills, and deep knowledge of multiple blockchain protocols.

The purpose of the assessment is to:

• Identify potential security issues within the Solana Program.

• Ensure that smart contract functionality operates as intended.

In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which were mostly addressed by the Blockstreet team. The main ones were the following:

• Exclude platform fees from pool accounting calculations to ensure accurate fund tracking

• Implement proper treasury account ownership validation in all the instructions where it is not implemented

• Fix issues in the cancel contribution functionality to ensure users can properly cancel contributions