business-logic-security-audit
Audited by Socket on Mar 13, 2026
1 alert found:
Anomaly

This audit report documents multiple high-impact business logic and integrity vulnerabilities in a trading platform: webhook signature bypass, race conditions enabling double-spend, KYC state machine bypass, trusting client-supplied exchange rates, insecure token storage on mobile, OAuth deep-link interception, input validation gaps, and information disclosure in mobile bundles. These are not indicators of malware but represent severe supply-chain/security issues that can enable fraud, account takeover, and regulatory violations. Immediate remediation is recommended for the critical items (webhooks, transactional atomicity, KYC authorization) and urgent fixes for the high-severity mobile and rate-trust issues.