Prepared by:
HALBORN
Last Updated 10/10/2025
Date of Engagement: October 7th, 2025 - October 7th, 2025
100% of all REPORTED Findings have been addressed
| All findings | Critical | High | Medium | Low | Informational |
|---|---|---|---|---|---|
| 1 | 0 | 1 | 0 | 0 | 0 |
GoKite-AI engaged Halborn to conduct a security assessment on the Kite token smart contract beginning on October 7, 2025 and ending on October 7, 2025. The security assessment was scoped to the smart contract provided to Halborn. Commit hashes and further details can be found in the Scope section of this report.
The contract in scope implements the ERC-20 token standard using the OpenZeppelin library.
Halborn was provided with 1 day for this engagement and assigned 1 full-time security engineer to review the security of the smart contracts in scope. The assigned engineer possesses deep expertise in blockchain and smart contract security, including hands-on experience with multiple blockchain protocols.
The objectives of this assessment were to:
Identify potential security vulnerabilities within the smart contracts.
Ensure that the smart contracts function as intended.
In summary, Halborn identified an improvement to reduce the likelihood and impact of security risks, which was successfully addressed by the GoKite-AI team:
Add the missing pause control functions to the contract to expose the inherited pause/unpause functionality and make the ERC20Pausable mechanism usable for emergency response scenarios.
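The gap this recommendation describes, shown as an added example that is not the Kite contract or code from the report: a token that inherits ERC20Pausable without any caller for the internal `_pause()`/`_unpause()`, next to a version that exposes them. It assumes OpenZeppelin Contracts v5.x; the contract names, token name and symbol, and the use of `Ownable` for access control are hypothetical choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x import paths and APIs.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Pausable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Before: ERC20Pausable is inherited, but _pause() and _unpause() are
/// internal and nothing calls them, so paused() stays false forever and
/// transfers can never be halted in an emergency.
contract TokenWithoutPauseControls is ERC20, ERC20Pausable {
    constructor(uint256 supply) ERC20("Example", "EXM") {
        _mint(msg.sender, supply);
    }

    // Required because both parents define _update.
    function _update(address from, address to, uint256 value)
        internal
        override(ERC20, ERC20Pausable)
    {
        super._update(from, to, value);
    }
}

/// After: access-controlled wrappers make the inherited mechanism usable.
/// Ownable is an assumption; a role-based scheme works the same way.
contract TokenWithPauseControls is ERC20, ERC20Pausable, Ownable {
    constructor(address initialOwner, uint256 supply)
        ERC20("Example", "EXM")
        Ownable(initialOwner)
    {
        _mint(initialOwner, supply);
    }

    // Without a modifier here, any account could freeze the token.
    function pause() external onlyOwner { _pause(); }

    function unpause() external onlyOwner { _unpause(); }

    // ERC20Pausable applies whenNotPaused here, so transfers, mints and
    // burns all revert while the contract is paused.
    function _update(address from, address to, uint256 value)
        internal
        override(ERC20, ERC20Pausable)
    {
        super._update(from, to, value);
    }
}
```

When reviewing a fix of this kind, confirm that the account holding the pause right is the intended one, since renouncing or losing it leaves the token in whatever pause state it was in.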
Halborn performed a combination of a manual review of the source code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the program assessment. While manual testing is recommended to uncover flaws in business logic, processes, and implementation, automated testing techniques help enhance coverage of programs and can quickly identify items that do not follow security best practices.
The following phases and associated tools were used throughout the term of the assessment:
Research into the architecture and purpose of the smart contracts.
Manual code review and walkthrough of the smart contracts.
Manual assessment of critical Solidity variables and functions to identify potential vulnerability classes.
Manual testing using custom scripts.
Static security analysis of the scoped contracts and imported functions.
Local deployment and testing with Foundry & Hardhat.
| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) | 1 |
| | Specific (AO:S) | 0.2 |
| Attack Cost (AC) | Low (AC:L) | 1 |
| | Medium (AC:M) | 0.67 |
| | High (AC:H) | 0.33 |
| Attack Complexity (AX) | Low (AX:L) | 1 |
| | Medium (AX:M) | 0.67 |
| | High (AX:H) | 0.33 |

| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) | 0 |
| | Low (C:L) | 0.25 |
| | Medium (C:M) | 0.5 |
| | High (C:H) | 0.75 |
| | Critical (C:C) | 1 |
| Integrity (I) | None (I:N) | 0 |
| | Low (I:L) | 0.25 |
| | Medium (I:M) | 0.5 |
| | High (I:H) | 0.75 |
| | Critical (I:C) | 1 |
| Availability (A) | None (A:N) | 0 |
| | Low (A:L) | 0.25 |
| | Medium (A:M) | 0.5 |
| | High (A:H) | 0.75 |
| | Critical (A:C) | 1 |
| Deposit (D) | None (D:N) | 0 |
| | Low (D:L) | 0.25 |
| | Medium (D:M) | 0.5 |
| | High (D:H) | 0.75 |
| | Critical (D:C) | 1 |
| Yield (Y) | None (Y:N) | 0 |
| | Low (Y:L) | 0.25 |
| | Medium (Y:M) | 0.5 |
| | High (Y:H) | 0.75 |
| | Critical (Y:C) | 1 |

| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) | 1 |
| | Partial (R:P) | 0.5 |
| | Full (R:F) | 0.25 |
| Scope () | Changed (S:C) | 1.25 |
| | Unchanged (S:U) | 1 |

| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |

| Security analysis | Risk level | Remediation Date | 
|---|---|---|
| Missing pause and unpause function in contract | High | Solved - 10/07/2025 | 
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.