Hacken Scout: detailed instruction for users

Hacken has recently introduced a new project — Hacken Scout. We are setting very ambitious goals and the key element enabling us to reach them is your understanding of how to correctly use the product. Only by submitting detailed and correct reports on the security of tokens users can make a real contribution to bringing global DeFi security to a radically new level. So, we have prepared a detailed instruction for users on how to correctly report on a security of a particular token.

Instruction on how to correctly fill the report fields

The report submission page contains a number of obligatory fields. Below there is detailed information on how to fill each of these fields.

  • Explorer link

Open Coingecko.com or Coinmarketcap.com, enter the token’s name or ticker,(pic.1) and copy the link found in the “Explorers” field (Etherscan or Bscscan). (pic.2)

Picture #1
Picture #2
  • Website link

Open Coingecko.com or Coinmarketcap.com, enter the token’s name or ticker (pic. 1) and copy the link found in the “Website” field. (pic.3)

Picture #3
  • ICO/IDO price

Open icodrops.com or icoholder.com and enter the token’s name or symbol in the search line. (pic.4)

Picture #4

You can also google the following combination “project name + ICO”. You have to enter the token sale price into the field. (pic.5)

Picture #5
  • Is team public?

Open the project’s website and find the page or section describing its team members. If you think they are real individuals, then choose “Yes”.

  • Are tokens locked?

Open https://app.unicrypt.network/ and select the blockchain in question in the “Browser” menu. (pic.6)

Picture #6

Then select the “Tokens” tab and insert the token’s contract address into the search line. Select the token in question. (pic.7)

Picture #7

Then go down to the block listing the token’s trading pairs. In case the pair with the biggest liquidity is locked, then choose “Yes”. (pic.8)

Picture #8

Otherwise, it’s possible that you’ll find the link to the timelock smart contract or you can also put the question in the token’s community chat and mention community manager or send directly to him the following message: “Hello! I am the Hacken Scout community member. Our project is developing the biggest database containing detailed information regarding the security of crypto projects that will be used by CER live, our resource that is the partner of Coingecko. Now I am collecting data about %name of the project% and I have a question: Are your LP tokens locked?”. If tokens are not locked, then choose “No”.

  • Locked tokens url

Insert the link by following which one can see the evidence that liquidity pools are locked. For example, it may be the last page of your research related to the previous question. (pic.9)

Picture #9
  • Does the project have an audit?

Open Coinmarketcap and enter the token’s name into the search line. Choose the token in question. (pic.10)

Picture #10

You can find info about the audit in the “Audit” field. (pic.11)

Picture #11

In case you have not found any info about the audit here, then go to Etherscan and enter the token’s contract address into the search line. On the address page select the tab “Contract” and click on “Security Audit”. (pic.12)

Picture #12

Otherwise, you may try to find news on audit in Medium or Google (“project name + Audit”). You can also join the token’s community chat and put the question in the chat with the mention of the community manager or send directly to him the following message: ”Hello! I am the Hacken Scout community member. Our project is developing the biggest database containing detailed information regarding the security of crypto projects that will be used by CER live, our resource that is the partner of Coingecko. Now I am collecting data about %name of the project% and I have a question: Does the project have an audit?”. In case you have not found any info about the audit using these 3 methods, then choose “No”.

  • Token security audit link

Insert the link to the token’s audit. In case there are a few links, insert all of them (separate with commas). (pic.13)

Picture #13
  • Platform security audit link

In case it’s the utility token of any platform, for example, DEX or Farming service, then you need to find info about the audit of the platform. To this end, you need to search for mentions on the audit on the project’s Medium or join the project’s community chat and put this question to the community manager in the chat or send directly to him the following message: ”Hello! I am the Hacken Scout community member. Our project is developing the biggest database containing detailed information regarding the security of crypto projects that will be used by CER live, our resource that is the partner of Coingecko. Now I am collecting data about %name of the project% and I have a question. Does the project have a platform security audit?”. In case there are a few links, insert all of them (separate with commas). In case there is no audit info, then leave the field empty.

  • Audit company

The company that has performed the audit. In case there are a few auditors, enter all of them (separate with commas).

  • Github smart contract code link

Go to Github of the project and find the smart contract file of the token. Usually, it is in the folder “Contracts” and the name has the word “Token”. (pic.14–16)

Picture #14
Picture #15
Picture #16
  • Ethereum smart contract code

Open Etherscan and insert the token’s contract address into the search line. (pic.17)

Picture #17

On the address page choose the tab “Contract”. Copy the URL from the address line and insert it into the field. (pic.18)

Picture #18

In most cases, this link has the following look: “Etherscan address link + “#code”. For example:

https://etherscan.io/address/0x05fb86775fd5c16290f1e838f5caaa7342bd9a63#code

  • BSC smart contract code

Open Bscscan and insert the token’s contract address into the search line. (pic.19)

Picture #19

On the address page choose the tab “Contract”. Copy the URL from the address line and insert it into this field. (pic.20)

Picture #20

In most cases, this link has the following look: “Bscscan address link” + “#code”. For example:

https://bscscan.com/address/0xaa9e582e5751d703f85912903bacaddfed26484c#code

  • Is the project verified on Etherscan\Bscscan?

In case there is a green checkmark on the token’s page on Etherscan\Bscscan — then choose “Yes”, otherwise — choose “No” (pic.21)

Picture #21
  • Is source code published?

If the contract source code is published on the tab “Contract” on Etherscan/Bscscan — then choose “Yes”, otherwise — choose “No”. (pic.22)

Picture #22
  • Does audited code match with deployed smart contracts code?

Open the token’s audit file and check whether it contains the link to the contract address on Etherscan\Bscscan — in case there is a link, choose “Yes”.

In case the audit contains the link to Github — copy the commit code and then follow the link. (pic.23)

Picture #23

Insert commit into the search field and press “Enter”. (pic.24)

Picture #24

Then click on “Commits” to search by commits and then click on “<>” icon. (pic.25)

Picture #25

Open the audit document and find the name of the file of the audited token. (pic.26)

Picture #26

Then open the tab with Github commit and find this file (pic.15). Open the contact code link on Etherscan\Bscscan and check whether the token’s code on Github is the same as the code published on Etherscan\Bscscan. (pic.27–28)

Picture #27
Picture #28

In case there is matching between these codes — choose “Yes”, otherwise — choose “No”.

  • Does the project have a Bug Bounty Program?

You can find info about the bug bounty programs passed by a project on its Medium or you can join the project’s community chat and put this question to the chat admin. In case the project has passed a bug bounty program — choose “Yes”, otherwise — choose “No” and leave the fields below empty.

  • Bug bounty program company

The name of the platform on which the project has run a bug bounty program. In case the project has passed bug bounty programs on a few platforms, enter the names of all of them (separate with commas).

  • Bug bounty program URL

Link to the bug bounty program. In case there are a few links, enter all of them (separate with commas).

As you can see, the process of data collection is structured. All data regarding the security of a particular token is circulating online and the only task is to bring all these pieces of information to a single location.

We remind you that in case you face any issues when collecting data or submitting it to the Hacken Scout database, feel free to ask the project’s experts for assistance in the Hacken Scout Discord channel.

Thank you for your motivation to bring fundamental security transformations to the DeFi world together with Hacken.

Follow Hacken on our media channels:

The community of crypto and cybersecurity enthusiasts united to keep not only themselves but also their friends and family safe in today’s digital world.