Back to auditsClearance OrangePublished January 29, 2026

NEAR Legion

NEAR Legion Community Platform Audit

Security assessment of community onboarding and mission workflows with emphasis on account boundaries and third-party integration safety.

Total findings

14

Critical / High

0 / 2

Resolved

92%

Duration

19 days

Overview

Security assessment of community onboarding and mission workflows with emphasis on account boundaries and third-party integration safety.

Scope

FrontendBackendFull Stack

Stack: Next.js / TypeScript / Serverless / NEAR integrations

Method

AI-assisted detection

AI analysis profiled behavioral outliers in mission claims, ranked abuse-prone endpoints, and accelerated suspicious sequence discovery.

Auditor-owned decisions

Auditors performed exploit path validation, scoped practical abuse impact, and designed prioritized mitigations for phased rollout.

  1. 01 Inventory of role transitions and permission inheritance rules.
  2. 02 Simulation of abuse flows across third-party callbacks and retries.
  3. 03 Verification pass on fix deployment candidates in staging.

Key Risks

  • Privilege bleed between community-role transitions and administrative actions.
  • Webhook trust assumptions allowing stale external event replay.
  • Rate-limit gaps around mission reward claim endpoints.

Outcome

High-risk issues were addressed before release; remaining low-severity hardening items moved into scheduled follow-up.