FYEO Completes Buddy Link Security Assessment
Buddy Link engaged FYEO to perform a secure code review of the Buddy Link Solana protocol which allows users to create and manage their buddy profiles and organizations as well as minting, claiming and transferring assets.
Buddy Link is a fully on-chain referral platform for affiliates to refer their friends to web3 apps. Unlike most affiliate systems that focus on b2b sales, Buddy Link aims to attract users and affiliates with its focus on social, giveaways, and competitions while working with a select few partners. The Buddy Link ethos is to keep users safe by providing research tools, transparent analytics and an easy to use dashboard
The report summarizes the engagement, tests performed, and findings. It also contains detailed descriptions of the discovered vulnerabilities, steps the FYEO Security Team took to identify and validate each issue, as well as any applicable recommendations for remediation.
The FYEO Process
When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete.
Our goal is to give our clients the following:
A better understanding of its security posture and help them identify current and future risks in its deployed chain & contract infrastructure.
An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.
Identify potential issues, including loss of funds scenarios, and include improvement recommendations based on the result of our assessment.
Give the development team a better understanding of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.
Findings & Report
During the Secure Code Review of Buddy Link - buddlink-beta-sol, we discovered:
1 finding with MEDIUM severity rating.
1 finding with LOW severity rating.
5 findings with INFORMATIONAL severity rating.
Following the audit, the Buddy Link team worked in conjunction with the FYEO team to remediate all security vulnerabilities identified.
Please see the attached full report to learn more!