AI-assisted detection
AI analysis profiled behavioral outliers in mission claims, ranked abuse-prone endpoints, and accelerated suspicious sequence discovery.
NEAR Legion
NEAR Legion Community Platform Audit
Security assessment of community onboarding and mission workflows with emphasis on account boundaries and third-party integration safety.
Total findings
14
Critical / High
0 / 2
Resolved
92%
Duration
19 days
Overview
Security assessment of community onboarding and mission workflows with emphasis on account boundaries and third-party integration safety.
Scope
FrontendBackendFull Stack
Stack: Next.js / TypeScript / Serverless / NEAR integrations
Method
Auditor-owned decisions
Auditors performed exploit path validation, scoped practical abuse impact, and designed prioritized mitigations for phased rollout.
- 01 Inventory of role transitions and permission inheritance rules.
- 02 Simulation of abuse flows across third-party callbacks and retries.
- 03 Verification pass on fix deployment candidates in staging.
Key Risks
- Privilege bleed between community-role transitions and administrative actions.
- Webhook trust assumptions allowing stale external event replay.
- Rate-limit gaps around mission reward claim endpoints.
Outcome
High-risk issues were addressed before release; remaining low-severity hardening items moved into scheduled follow-up.