This case study provides a detailed analysis of the Blackhan Audit Contest, conducted by the HackenProof team from May 9 to May 27, 2025. It highlights the audit’s scope, key findings, reward allocation, and HackenProof’s role in enhancing the project’s security posture through crowdsourced vulnerability discovery.
About Blackhan
Blackhan Software, operated on behalf of Moorhead LLC, is an emerging force in the Web3 ecosystem, focused on building secure, scalable blockchain protocols and intuitive applications for decentralized environments. The team’s mission is to abstract away the complexities of on-chain interactions while maintaining best-in-class security and usability standards.
The project’s infrastructure aims to bridge modern blockchain utility with seamless, real-world user experiences — a vision grounded in engineering excellence and secure-by-design principles.
Audit Overview
The primary objective of the Blackchan audit contest was to uncover vulnerabilities in its smart contract suite prior to mainnet deployment. HackenProof’s researcher community was invited to test the integrity, access control, logic correctness, and resilience of the codebase over a 19-day period.
Participants applied a mix of manual auditing, static analysis tools, and exploit simulations to identify potential flaws. The audit scope was carefully curated by the Blackhan team to ensure comprehensive coverage of contracts critical to the protocol’s core functionality.
Key Findings and Statistics
The audit resulted in four valid vulnerability reports, categorized by severity as follows:
- Medium Severity: 3 findings, including issues related to incorrect conditional logic, improper input validation, and edge-case handling that could lead to unintended execution paths.
- Low Severity: 1 finding, primarily focused on gas inefficiency and minor fallback inconsistencies.
No high or critical vulnerabilities were reported during the audit window.
These findings, though moderate in severity, were deemed important for long-term maintainability and preventing degradation of system trust under unusual conditions. All reported issues were acknowledged and promptly resolved by the Blackhan development team.
Rewards Distribution
The total available bounty pool for the contest was $10,000, of which $2,000 was awarded to participating researchers based on the severity and quality of submitted reports.
- Medium severity issues: 3 submissions rewarded
- Low severity issue: 1 submission rewarded
The remaining budget went unallocated because no high or critical issues were reported. HackenProof’s severity-weighted payout model ensures that rewards are proportionate to the potential impact of the discoveries.
Impact and Efficiency
By resolving the identified vulnerabilities ahead of launch, Blackchan significantly bolstered its protocol’s resilience. Beyond just eliminating bugs, the contest optimized development workflows by allowing the internal engineering team to focus on remediation rather than triaging or validation.
This efficiency was made possible by HackenProof’s in-house triage team, which ensured each report was reviewed, validated, and clearly prioritized. This helped the Blackhan team reduce friction, avoid distractions, and address verified vulnerabilities without delay.
“This audit contest allowed us to uncover critical insights and optimize core logic in a way that aligned with our launch timeline. Working with HackenProof gave us speed, clarity, and the confidence to move forward securely.” – Blackhan Software
Conclusion
The Blackhan Audit Contest, facilitated by HackenProof, reflects the strategic importance of collaborative, community-powered security audits in the blockchain development lifecycle. The effectiveness of this process — from triage to fix — emphasizes the value of leveraging specialized platforms to streamline vulnerability discovery without compromising product timelines.
Recommendations
We strongly encourage all Web3 builders to incorporate public bug bounty programs and structured audit contests into their development roadmap. These initiatives are not just risk mitigation tools — they are strategic investments in user trust, code quality, and long-term sustainability in the DeFi and Web3 sectors.
About HackenProof
HackenProof is a leading Web3 bug bounty and crowdsourced audit platform trusted by top Web3 and Web2 projects for unparalleled security. We partner with industry leaders like the Ethereum Foundation, Aptos, Polygon, Near, Aurora, Sui, MetaMask, 1inch, TON Foundation, Cronos, OKX, Status, and over 155 other projects.