HBAR Suite - HSuite


Prepared by:

HALBORN

Last Updated 01/30/2026

Date of Engagement: January 9th, 2026 - January 20th, 2026

Summary

100% of all REPORTED Findings have been addressed

All findings: 3

    • Critical: 0
    • High: 0
    • Medium: 1
    • Low: 1
    • Informational: 1


1. Introduction

HSuite engaged Halborn to conduct a web application review of their DEX application. The security assessment was scoped to the application provided to Halborn.

This report contains a detailed list of findings, highlighting the severity and impact of each one and certain proposed resolutions.

2. Assessment Summary

Halborn performed a security assessment of the client’s application to evaluate the overall robustness of its core functionality and identify potential risks that could impact reliability, integrity, and user trust. The review focused on key areas of the platform, including critical backend API behavior and components related to pool operations within the DEX.

Overall, the assessment identified opportunities to strengthen how the system handles edge cases and unexpected user behavior. In particular, the review highlighted scenarios where normal user actions could lead to unintended outcomes, such as the ability to influence pool balances outside of the expected configuration, as well as cases where invalid inputs caused the application to return internal server errors. While some of these issues were not directly exploitable on their own, addressing them will improve platform stability and reduce the risk of future abuse.

It is recommended to prioritize improvements in validation, safeguards around pool operations, and general resilience controls. Implementing these measures will enhance the consistency of the platform, reduce operational risk, and provide a more reliable experience for end users.


3. Scope

    • https://testnet.silksuite.app/

    • https://testnet-sn1.hbarsuite.network

    • https://testnet-sn2.hbarsuite.network

    • https://testnet-sn3.hbarsuite.network

    • https://testnet-sn4.hbarsuite.network


4. RISK METHODOLOGY

Halborn assesses the severity of findings using either the Common Vulnerability Scoring System (CVSS) framework or the Impact/Likelihood Risk scale, depending on the engagement. CVSS is an industry standard framework for communicating characteristics and severity of vulnerabilities in software. Details can be found in the CVSS Specification Document published by F.I.R.S.T.
Vulnerabilities or issues observed by Halborn scored on the Impact/Likelihood Risk scale are measured by the LIKELIHOOD of a security incident and the IMPACT should an incident occur. This framework works for communicating the characteristics and impacts of technology vulnerabilities. The quantitative model ensures repeatable and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the Risk scores. For every vulnerability, a risk level will be calculated on a scale of 5 to 1 with 5 being the highest likelihood or impact.
RISK SCALE - LIKELIHOOD
  • 5 - Almost certain an incident will occur.
  • 4 - High probability of an incident occurring.
  • 3 - Potential of a security incident in the long term.
  • 2 - Low probability of an incident occurring.
  • 1 - Very unlikely issue will cause an incident.
RISK SCALE - IMPACT
  • 5 - May cause devastating and unrecoverable impact or loss.
  • 4 - May cause a significant level of impact or loss.
  • 3 - May cause a partial impact or loss to many.
  • 2 - May cause temporary impact or loss.
  • 1 - May cause minimal or un-noticeable impact.
The risk level is then calculated using a sum of these two values, creating a value of 10 to 1 with 10 being the highest level of security risk.
  • 10 - CRITICAL
  • 9 - 8 - HIGH
  • 7 - 6 - MEDIUM
  • 5 - 4 - LOW
  • 3 - 1 - VERY LOW AND INFORMATIONAL

5. SCOPE

Remediation Commit ID:
Out-of-Scope: New features/implementations after the remediation commit IDs.

6. Assessment Summary & Findings Overview

    • Critical: 0
    • High: 0
    • Medium: 1
    • Low: 1
    • Informational: 1

Security analysis                                      Risk level       Remediation Date
Potential Unbalanced Pool                              Medium           Solved - 01/29/2026
Unhandled Exception in /pools/balance                  Low              Solved - 01/25/2026
Large JavaScript File Loaded on Application Startup    Informational    Acknowledged

7. Findings & Tech Details

7.1 Potential Unbalanced Pool

Risk level: Medium
Score: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H (5.3)

7.2 Unhandled Exception in /pools/balance

Risk level: Low
Score: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N (3.1)

7.3 Large JavaScript File Loaded on Application Startup

Risk level: Informational
Score: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N (0.0)

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.