FYEO

FYEO Completes Secure Code Assessment of Cosmic Xahau NFT Marketplace


FYEO Completes Audit of Cosmic Xahau

What is Cosmic Xahau?

Cosmic Xahau is the first NFT marketplace for the Xahau network, dedicated to empowering artists and creators by providing a unique platform for showcasing their work. The platform leverages the URI Tokens' ability to utilize native hooks on the Xahau Network, enabling seamless transactions and secure storage of NFTs. 


The review focused on the server logic of the cosmic-nft platform. The project makes great use of the Xumm library to implement login and session communication. All the necessary functions are protected with JWT. The main logic of the platform is based on interaction with 2 services: Xahau and DynamoDB. While the actual items exist on the blockchain, the database is used to provide a smooth UX and serves as a reflection of the current state. During the audit, it was discovered that in exceptional cases the states of Xahau and DynamoDB may differ.


Additionally, the implementation of Remit transactions in Xahaud was reviewed, and no issues were found.


The FYEO Process

When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete. 


Our goal is to give our clients the following:

  • A better understanding of their security posture, and help identifying current and future risks in their deployed chain & contract infrastructure.

  • An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.

  • Identification of potential issues, including loss-of-funds scenarios, with improvement recommendations based on the result of our assessment.

  • A better understanding for the development team of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.


Findings and Report

During the security assessment, we uncovered:

  • 2 findings with LOW severity rating.


Neither of the open issues presents a security risk to the platform or its users. For the second issue, “operation may finish with partial completion”, batch transaction support will be required, but this is not currently supported in the network.


Cosmic Xahau - Security Code Review Cosmic Xahau v1.0.pdf (PDF, 640KB)
