Project SEED
Cyrex partnered with Project SEED to conduct grey box penetration testing across its blockchain gaming ecosystem, securing Web3 integrations, smart contracts, wallet infrastructure, and platform APIs.
The Challenge
Securing a Multi-Layered Blockchain Gaming Ecosystem
Project SEED operates a comprehensive Web3 ecosystem combining a game studio, NFTs, DeFi integrations, DAO governance, and blockchain-powered gameplay infrastructure.
Such a layered architecture introduces security complexity across multiple domains:
- Web3 integrations and on-chain interactions
- Custodial and non-custodial wallet systems
- Smart contracts written in SOL and Solidity
- Platform APIs and backend services
- Player account management workflows
- Third-party integrations such as PlayFab
In blockchain environments, vulnerabilities can affect asset ownership, token interactions, and platform integrity. Project SEED required a structured penetration testing engagement capable of assessing both traditional application risks and blockchain-specific attack vectors.
The Cyrex Solution
Grey Box Penetration Testing Across Web3 & Platform Infrastructure
Cyrex conducted a grey box penetration test, combining partial architectural insight with real-world attack simulation. This methodology allowed our security engineers to test the system as an external attacker would, while leveraging contextual knowledge to evaluate deeper logic flows.
The objective was to identify exploitable weaknesses across both on-chain and off-chain components.
Web3 & Smart Contract Assessment
Our engagement included review and testing of:
- Web3 integration points
- Smart contracts written in SOL and Solidity
- Contract interaction logic
- Transaction validation mechanisms
We assessed potential vulnerabilities that could impact token logic, contract execution, or asset handling within the broader ecosystem.
Wallet & Asset Security
Given the importance of digital ownership, Cyrex evaluated:
- Custodial wallet implementations
- Non-custodial wallet integrations
- Authorization flows for wallet access
- Protection of user assets against unauthorized manipulation
The goal was to ensure wallet interactions were properly validated and resistant to misuse.
API & Account Security
Beyond blockchain components, Cyrex tested platform infrastructure, including:
- API endpoints
- Authentication and registration mechanisms
- Player account management systems
- PlayFab integration
We evaluated access controls, input validation, and potential exploitation paths that could affect user data or service integrity.
The Outcome
Reinforced Blockchain & Platform Security
- Identification and remediation of smart contract and integration vulnerabilities
- Improved wallet and asset protection mechanisms
- Strengthened API and account-level security
- Increased confidence in platform resilience ahead of broader adoption
Client Feedback
Project SEED
“Working with Cyrex has been an invaluable experience for us. Their prompt response, thorough investigation, and effective solutions for our blockchain products have greatly helped us ensure a safer environment for our users and players.”
Don't Let Players Find the Weakness
Your launch is months away. Hackers will find exploits in hours. Let our engineers secure your game before it's too late.
Response time: <24 hours • NDA included • No commitment required