
// Security Assessment

09.26.2024 - 10.07.2024

PerpDex

K-Bit


PerpDex - K-Bit


Prepared by: HALBORN

Last Updated 09/08/2025

Date of Engagement: September 26th, 2024 - October 7th, 2024

Summary

97% of all REPORTED Findings have been addressed

- All findings: 33
- Critical: 0
- High: 1
- Medium: 10
- Low: 8
- Informational: 14


Table of Contents

  • 1. Introduction
  • 2. Assessment summary
  • 3. Scope
  • 4. Findings overview

1. Introduction

K-BIT engaged our security analysis team to conduct a comprehensive security audit of their smart contract ecosystem. The primary aim was to meticulously assess the security architecture of the smart contracts to pinpoint vulnerabilities, evaluate existing security protocols, and offer actionable insights to bolster security and operational efficacy of their smart contract framework. Our assessment was strictly confined to the smart contracts provided, ensuring a focused and exhaustive analysis of their security features.

2. Assessment Summary

Our engagement with K-BIT spanned a 1-week period, during which we dedicated one full-time security engineer equipped with extensive experience in blockchain security, advanced penetration testing capabilities, and profound knowledge of various blockchain protocols. The objectives of this assessment were to:

- Verify the correct functionality of smart contract operations.

- Identify potential security vulnerabilities within the smart contracts.

- Provide recommendations to enhance the security and efficiency of the smart contracts.

3. Scope

Out-of-Scope: New features/implementations after the remediation commit IDs.

4. Findings Overview

| Security analysis | Risk level | Remediation |
|---|---|---|
| Incorrect fee calculation during Pyth oracle interactions | High | Solved - 10/31/2024 |
| Position size validation misplaced | Medium | Solved - 10/31/2024 |
| Inadequate position status and leverage checks | Medium | Solved - 10/31/2024 |
| Unrestricted token address update | Medium | Solved - 11/10/2024 |
| Signature vulnerability due to lack of chain-specific and contract-specific data | Medium | Solved - 10/31/2024 |
| Vulnerability in closePosition due to insecure user signature verification | Medium | Solved - 10/31/2024 |
| Signature replay vulnerability in setFeePercent and registerReferrer | Medium | Risk Accepted - 10/31/2024 |
| Protocol does not account for USDT transfer fees | Medium | Solved - 10/31/2024 |
| Incorrect liquidation price calculation due to leverage rounding | Medium | Solved - 10/31/2024 |
| Inconsistent update timestamp value | Medium | Solved - 10/31/2024 |
| Inconsistent mapping during price submission | Medium | Solved - 10/31/2024 |
| Incorrect loss check during close position logic | Low | Solved - 10/31/2024 |
| Incorrect timestamp comparison | Low | Solved - 10/31/2024 |
| Arbitrage opportunities between different data feeds in trading actions | Low | Risk Accepted - 10/31/2024 |
| Duplicate admin entries allowed | Low | Not Applicable |
| Single-step ownership transfer | Low | Risk Accepted - 10/31/2024 |
| Inconsistent price timestamp validation across oracles and outdated price checks | Low | Risk Accepted - 10/31/2024 |
| Merge operations could be automated during position opening for integrity | Low | Solved - 10/31/2024 |
| Missing checks on submitted price | Low | Solved - 10/31/2024 |
| Insufficient test coverage with mocked oracle interactions and no chain forking | Informational | Solved - 10/31/2024 |
| Unutilized pause functionality and single-role control | Informational | Not Applicable |
| Lack of EIP-1271 support for non-EOA addresses | Informational | Acknowledged - 10/31/2024 |
| Function not callable when paused | Informational | Solved - 10/31/2024 |
| Code duplication in checkPriceDataOrder function | Informational | Not Solved - 10/31/2024 |
| Inefficient gas usage in Pyth price feed updates | Informational | Acknowledged - 10/31/2024 |
| Redundant check call when fetching previous prices | Informational | Acknowledged - 10/31/2024 |
| Underflow in liquidation price | Informational | Solved - 10/31/2024 |
| Redundant margin check | Informational | Solved - 10/31/2024 |
| Late validation checks in `openLimitOrder` function | Informational | Solved - 10/31/2024 |
| Incorrect message for pending limit order status | Informational | Not Applicable |
| Inefficient removal of position | Informational | Solved - 10/31/2024 |
| Redundant check | Informational | Solved - 10/31/2024 |
| Inconsistent profit margin comparison | Informational | Solved - 10/31/2024 |

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
