Client Overview
RECC is the first Solana-native protocol for real estate-backed lending, designed to let users deposit stablecoins (USDC) and allocate them into tokenized real estate loans. Each project is vetted, documented, and executed by professional developers. In return, users receive RPST tokens (LP tokens) that represent their lending position. These tokens can be held until maturity, redeemable for principal and yield, or traded on secondary markets such as Raydium, giving users liquidity before the term ends.
By bridging DeFi mechanics with real estate, RECC creates an innovative way for investors to access stable, asset-backed yield while maintaining the liquidity that decentralized finance enables.
Key Security Challenges
As RECC prepared to expand its platform, two major risks were identified:
Risk of drained investor funds
A missing validation check in RECC’s system could have allowed a malicious actor to trick the protocol into interacting with a fake program. If exploited, this would have given the attacker a way to drain all funds from investor vaults.
Risk of blocked liquidity creation
Attackers could have jumped ahead of RECC by creating the same liquidity pool first. If this happened, RECC would not have been able to set up its pool, which would have blocked investors from moving funds into external markets.
Both vulnerabilities had the potential to disrupt RECC’s core operations, put user funds at risk, and delay the rollout of critical functionality.
Halborn’s Solutions
Halborn worked closely with RECC’s developers to design a simple but powerful safeguard. Instead of waiting until later to set up liquidity pools, Halborn recommended that RECC pre-create the pool in a controlled way with a very small amount of liquidity. This ensured that no one else could “front-run” RECC, while still allowing the pool to expand securely once real investments flowed in.
RECC’s CEO, Alejandro Watters, emphasized how quickly Halborn understood the nuances of their business: “There is no other project in the ecosystem that tries to understand in such a deep way the core of the business as Halborn. What could take others a whole week to understand, Halborn’s team managed with only a couple of questions.”
By combining technical expertise with a strong grasp of RECC’s lending model, Halborn was able to deliver a fix that was both secure and aligned with the company’s business needs.
Outcomes Beyond the Core Audit
Halborn’s engagement delivered value beyond fixing the immediate risks:
RECC now has a secure workflow for launching property-backed liquidity pools, making it much harder for attackers to interfere.
The audit process also improved the quality of RECC’s code and internal practices, strengthening the foundation for future growth.
Impact in Numbers
2 months of development time saved through efficient collaboration and fast solutions.
$170K+ in protected value as a direct result of the assessment.
Going Above and Beyond
Halborn’s ability to connect security expertise with business context gave RECC the confidence to move forward with its innovative model. By embedding security into its real estate-backed lending system, Halborn helped protect investors, strengthened trust, and positioned RECC for long-term success in bringing real-world assets to the Solana ecosystem.
