Perform Security and Functionality Audit for full stack web3 application


New blockchain-based competition platform utilizing Rust, Anchor, and Next.js. To ensure the system is secure, efficient, and fully functional, we require an independent audit of the entire tech stack, covering both functionality and security risks. The audit will focus on backend smart contracts, frontend interactions, and overall system integrity.

Project Goals

The audit should identify and provide recommendations for:

1. Security Vulnerabilities
• Smart contract exploits (e.g., reentrancy, front-running, overflow/underflow).
• API and database security (e.g., injection attacks, authentication flaws).
• Web application security (e.g., XSS, CSRF, session hijacking).
• Wallet and private key exposure risks.
• Potential Sybil attack risks and mitigation strategies.

2. Functionality Issues
• Smart contract logic errors or inefficiencies.
• Voting and reward distribution mechanism verification.
• Payment handling and token minting logic correctness.
• Frontend-to-backend communication issues.
• Performance and scalability concerns.

3. Code Quality and Best Practices
• Compliance with Solana/Rust development best practices.
• Adherence to Anchor framework guidelines.
• Next.js frontend optimization and API efficiency.
• Code readability, maintainability, and documentation gaps.

Scope of Work

1. Smart Contract Audit (Rust & Anchor)
• Analyze entry fees, voting mechanics, reward distribution, and burn mechanisms.
• Check contract ownership, access controls, and permission structures.
• Ensure minting, token transfers, and treasury wallet functions are secure.
• Validate challenge creation, reward payouts, and fairness mechanisms.
• Identify any potential economic attacks or exploits.

2. Backend & API Audit
• Review API security (rate-limiting, authentication, authorization).
• Check for data leaks, misconfigurations, or attack vectors.
• Assess how the backend handles user requests, transactions, and errors.
• Validate how the system interacts with the Solana blockchain.

3. Frontend Audit (Next.js)
• Check user authentication and session security.
• Ensure proper input validation and XSS/CSRF protection.
• Test frontend-to-backend API calls for vulnerabilities.
• Analyze performance bottlenecks and scalability issues.

4. Overall Security & Compliance Check
• Simulate attacks (white-box testing) to uncover weak points.
• Verify wallet security and user asset protection.
• Identify potential centralization risks in the system.
• Suggest improvements for anti-Sybil measures.

Deliverables

The auditor must provide:

1. Detailed audit report, including:
• Findings categorized by severity (Critical, High, Medium, Low).
• Technical breakdown of identified vulnerabilities.
• Recommendations for fixes with best practice references.
2. Code improvement suggestions (if applicable).
3. Retest verification report (if fixes are implemented).

Timeline: ASAP

Requirements for Auditors

• Proven experience with Rust, Anchor, Solana, and Next.js security.
• Previous smart contract audits (provide references or past reports).
• Knowledge of blockchain security best practices.

How to Apply

Interested auditors should submit:
• Portfolio of past audits (especially Solana/Rust projects).
• Proposed methodology & timeline.
• Estimated cost.

Keyword: JavaScript

Rust Next.js Website Security Smart Contract

 
