Prepared by:
HALBORN
Last Updated 10/15/2025
Date of Engagement: February 10th, 2025 - March 7th, 2025
100% of all REPORTED Findings have been addressed
| All findings | Critical | High | Medium | Low | Informational |
|---|---|---|---|---|---|
| 14 | 0 | 0 | 1 | 0 | 13 |

Securitize engaged Halborn to conduct a security assessment on their RWA Token Solana program beginning on February 10th, 2025, and ending on March 7th, 2025. The security assessment was scoped to the Solana Program provided in the rwa-token GitHub repository. Commit hashes and further details can be found in the Scope section of this report.
The RWA Token is a suite of programs designed to issue and manage the lifecycle of real-world asset tokens. It consists of the following programs:
Asset Controller: Manages core asset operations and enforces standardized transfer controls. It mints assets using the Token-2022 Standard (Token Extensions) with the Transfer-Hook and Permanent Delegate extensions. These features allow issuers to maintain control over tokens throughout their lifecycle, enabling actions such as freezing, seizing, and regulating transactions based on identity permissions.
Identity Registry: Provides a flexible identity issuance and tracking system to facilitate on-chain transaction permissioning. It is designed to support various regulatory frameworks by assigning identity levels to users. The issuer defines the meaning of these identity levels based on the specific requirements of their offering.
Policy Engine: Serves as an on-chain policy enforcement mechanism, ensuring transactions comply with identity-based restrictions. It validates transactions via the transfer-hook integrated into the program, enforcing regulatory and issuer-defined policies.
Halborn was provided 18 days for the engagement and assigned two full-time security engineers to review the security of the Solana Programs in scope. The engineers are blockchain and smart contract security experts with advanced smart contract hacking skills, and deep knowledge of multiple blockchain protocols.
The purpose of the assessment is to:
Identify potential security issues within the Solana Programs.
Ensure that smart contract functionality operates as intended.
In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which were partially addressed by the Securitize team. The main ones are the following:
Add a verification to ensure the signer is an expected and trusted entity.
Close all related accounts when the mint is closed, or prevent mint closure altogether, to maintain proper tracking of associated accounts.
Add a check to ensure the authority of the revoke_token_account matches the identity owner or the wallet of the wallet identity.
Add a validation to ensure the total amount of the tracker_account for the identity_account to be closed is zero.
Ensure the delegation functionality is implemented consistently across all programs or remove it entirely if it is not needed.
Require the wallet account to be a signer in the transaction, verifying its legitimacy and ownership.
Verify that new counters have unique IDs.
Adapt counters removal to remove counters based on IDs instead of vector indices.
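
The last two recommendations, sketched in Rust as an added example (not code from the audited programs or from Halborn): new counters are rejected when their ID already exists, and removal is keyed on IDs rather than vector positions. `Counter`, `CounterError` and all function names are hypothetical; the index-based function is a constructed contrast case, and the checked increment goes slightly beyond these two items to cover the report's checked-arithmetic finding.

```rust
// Added illustration; all names are hypothetical, not from the audited rwa-token code.
#[derive(Debug, Clone, PartialEq)]
pub struct Counter { pub id: u8, pub value: u64 }
#[derive(Debug, PartialEq)]
pub enum CounterError { DuplicateId(u8), UnknownId(u8), Overflow }

/// Reject a new counter whose ID is already present.
pub fn add_counter(counters: &mut Vec<Counter>, new: Counter) -> Result<(), CounterError> {
    if counters.iter().any(|c| c.id == new.id) {
        return Err(CounterError::DuplicateId(new.id));
    }
    counters.push(new);
    Ok(())
}

/// Index-based removal, for contrast: each removal shifts the later elements,
/// so a following index no longer names the element the caller meant.
pub fn remove_by_index_naive(counters: &mut Vec<Counter>, indices: &[usize]) {
    for &i in indices {
        if i < counters.len() { counters.remove(i); }
    }
}

/// ID-based removal: validate every ID first so the call is all-or-nothing.
pub fn remove_by_id(counters: &mut Vec<Counter>, ids: &[u8]) -> Result<(), CounterError> {
    if let Some(id) = ids.iter().find(|id| !counters.iter().any(|c| c.id == **id)) {
        return Err(CounterError::UnknownId(*id));
    }
    counters.retain(|c| !ids.contains(&c.id));
    Ok(())
}

/// Checked arithmetic: overflow is returned as an error, never wrapped.
pub fn increment(counters: &mut [Counter], id: u8, by: u64) -> Result<u64, CounterError> {
    let c = counters.iter_mut().find(|c| c.id == id).ok_or(CounterError::UnknownId(id))?;
    c.value = c.value.checked_add(by).ok_or(CounterError::Overflow)?;
    Ok(c.value)
}

/// Constructed sample data: three counters with IDs 1, 2, 3.
pub fn sample() -> Vec<Counter> {
    (1..=3).map(|id| Counter { id, value: 0 }).collect()
}

fn main() {
    let mut v = sample();
    println!("{:?}", add_counter(&mut v, Counter { id: 2, value: 0 }));
    println!("{:?}", remove_by_id(&mut v, &[1, 2]));
}
```

With the sample data, asking the index-based version to drop positions 0 and 1 leaves only the counter with ID 2, whereas the ID-based version given IDs 1 and 2 leaves the counter with ID 3.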
Halborn performed a combination of a manual review of the source code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the program assessment. While manual testing is recommended to uncover flaws in business logic, processes, and implementation, automated testing techniques help enhance coverage of programs and can quickly identify items that do not follow security best practices.
The following phases and associated tools were used throughout the term of the assessment:
Research into the architecture, purpose, and use of the platform.
Manual program source code review to identify business logic issues.
Mapping out possible attack vectors.
Thorough assessment of safety and usage of critical Rust variables and functions in scope that could lead to arithmetic vulnerabilities.
Scanning dependencies for known vulnerabilities (cargo audit).
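
| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) | 1 |
| Attack Origin (AO) | Specific (AO:S) | 0.2 |
| Attack Cost (AC) | Low (AC:L) | 1 |
| Attack Cost (AC) | Medium (AC:M) | 0.67 |
| Attack Cost (AC) | High (AC:H) | 0.33 |
| Attack Complexity (AX) | Low (AX:L) | 1 |
| Attack Complexity (AX) | Medium (AX:M) | 0.67 |
| Attack Complexity (AX) | High (AX:H) | 0.33 |

| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) | 0 |
| Confidentiality (C) | Low (C:L) | 0.25 |
| Confidentiality (C) | Medium (C:M) | 0.5 |
| Confidentiality (C) | High (C:H) | 0.75 |
| Confidentiality (C) | Critical (C:C) | 1 |
| Integrity (I) | None (I:N) | 0 |
| Integrity (I) | Low (I:L) | 0.25 |
| Integrity (I) | Medium (I:M) | 0.5 |
| Integrity (I) | High (I:H) | 0.75 |
| Integrity (I) | Critical (I:C) | 1 |
| Availability (A) | None (A:N) | 0 |
| Availability (A) | Low (A:L) | 0.25 |
| Availability (A) | Medium (A:M) | 0.5 |
| Availability (A) | High (A:H) | 0.75 |
| Availability (A) | Critical (A:C) | 1 |
| Deposit (D) | None (D:N) | 0 |
| Deposit (D) | Low (D:L) | 0.25 |
| Deposit (D) | Medium (D:M) | 0.5 |
| Deposit (D) | High (D:H) | 0.75 |
| Deposit (D) | Critical (D:C) | 1 |
| Yield (Y) | None (Y:N) | 0 |
| Yield (Y) | Low (Y:L) | 0.25 |
| Yield (Y) | Medium (Y:M) | 0.5 |
| Yield (Y) | High (Y:H) | 0.75 |
| Yield (Y) | Critical (Y:C) | 1 |

| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) | 1 |
| Reversibility () | Partial (R:P) | 0.5 |
| Reversibility () | Full (R:F) | 0.25 |
| Scope () | Changed (S:C) | 1.25 |
| Scope () | Unchanged (S:U) | 1 |

| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
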
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| Asset Controller may be created by an unauthorized entity | Medium | Solved - 03/02/2025 |
| Residual accounts left after mint closure | Informational | Solved - 03/02/2025 |
| Lack of validation in token revocation can lead to data inconsistencies | Informational | Solved - 03/06/2025 |
| Potential permanent tokens locked due to missing tracker total amount validation | Informational | Solved - 03/03/2025 |
| Delegation implementation may lead to inconsistencies | Informational | Solved - 03/02/2025 |
| Possibility to add counters with duplicate IDs may lead to inconsistencies | Informational | Solved - 03/05/2025 |
| Lack of wallet validation when attaching may lead to Denial of Service | Informational | Acknowledged - 03/09/2025 |
| Possibility to remove incorrect counters | Informational | Solved - 03/05/2025 |
| Lack of verification of the new delegate of the identity registry | Informational | Solved - 03/02/2025 |
| Incorrect reallocation wastes resources and increases account rent | Informational | Solved - 03/02/2025 |
| New lock values check missing | Informational | Acknowledged - 03/06/2025 |
| Superfluous requested accounts | Informational | Solved - 03/09/2025 |
| Lack of checked arithmetical operation enforcement | Informational | Solved - 03/06/2025 |
| Program may panic due to index out of bounds | Informational | Solved - 03/06/2025 |
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.