Influence360 Completes Dual Security Audit - Smart Contract Review & Penetration Test

Influence360 Completes Dual Security Audit

Client: Influence360

Project: Web3 influencer marketing marketplace

Industry: Web3

Date: March 2026

Scope: EVM, Solana & Tron Escrow Smart Contracts + Web Application Penetration Test

Auditor: softstack GmbH

softstack GmbH has completed two independent security engagements for Influence360: a smart contract security audit of their multi-chain escrow system and an external black-box penetration test of their web platform. This article summarizes the scope, methodology, findings, and remediation outcomes of both assessments.

About Influence360

Influence360 is redefining Web3 influencer marketing. They are building a platform where companies and creators can grow together, with data-driven campaigns, transparent performance metrics, and onchain payment protection. Founded by crypto veterans, Influence360 brings years of experience leading campaigns for top Web3 projects and connects the dots between companies, influencers, and communities worldwide.

Smart Contract Security Audit

Scope

The smart contract audit covered the Influence360 Escrow contracts deployed across three chains: EVM, Solana, and Tron. Each implementation provides platform fee collection, deal creation and completion, and dispute resolution.

Methodology

Two independent softstack security experts performed a thorough assessment combining:

  1. Manual Code Review: Line-by-line analysis focusing on business logic correctness, access control patterns, and potential attack vectors across all three chain implementations.
  2. Automated Analysis: Static analysis tools and custom pattern-matching scripts targeting reentrancy, integer overflow/underflow, unprotected external calls, and storage collision risks.
  3. Cross-Chain Consistency Review: Verification that security properties are maintained consistently across the EVM, Solana, and Tron implementations.
  4. Access Control Verification: All privileged functions mapped and verified against the intended permission model (MANAGER_OF_MANAGERS, DISPUTE_MANAGER, FEE_ACCOUNT_MANAGER roles).

Key Findings and Resolutions

The audit identified 13 findings classified as follows:

  • HIGH: 3
  • MEDIUM: 6
  • LOW: 3
  • INFORMATIONAL: 1

Key findings addressed caller-controlled fee parameters, TRC-20 transfer return value handling, dispute manager access controls, batch size limits, and cross-chain implementation consistency. The Influence360 team addressed all findings

Black-Box Penetration Test

Scope

The penetration test targeted Influence360's web infrastructure as an external, internet-facing application. Testing was conducted without source code access, simulating a real-world attacker with no prior knowledge.

Methodology

The assessment followed the OWASP Testing Guide and PTES (Penetration Testing Execution Standard), covering over 67 individual security tests across 16 testing phases, from OSINT and reconnaissance through active exploitation and gap analysis.

Results

The assessment identified 15 vulnerabilities:

  • CRITICAL: 2
  • HIGH: 5
  • MEDIUM: 7
  • LOW: 1

Key vulnerability categories included CORS misconfiguration enabling cross-site token theft, a 2FA bypass chain allowing full account takeover, broken admin access controls, rate limiting gaps across authentication endpoints, stored XSS via profile fields, and email security weaknesses.

Remediation & Re-Test

Following the initial assessment, the Influence360 team implemented comprehensive fixes. A re-test on March 1, 2026 confirmed:

  • 14 findings successfully fixed
  • 1 finding accepted as an intentional design decision
  • 0 findings remaining open

Key improvements included server-side Cloudflare Turnstile CAPTCHA enforcement across all authentication endpoints, strict CORS origin whitelisting, backend 2FA verification with rate limiting and account lockout, input validation blocking XSS payloads, profile creation limits, DMARC policy upgrade, and JWT id_token lifetime reduction from 30 to 5 minutes.

Conclusion

Across both engagements, Influence360 demonstrated strong security commitment and rapid remediation capability. The smart contract escrow system provides multi-chain payment protection with well-defined access controls, while the web platform now maintains a robust security posture with defense-in-depth controls across authentication, authorization, and input handling layers.

By investing in both smart contract auditing and penetration testing, Influence360 has taken a comprehensive approach to securing their platform, from the onchain escrow layer to the web application that users interact with daily.

About softstack GmbH

softstack GmbH is a European blockchain security firm specializing in smart contract audits, penetration testing, and security consulting. ISO 27001 certified, our team of experienced security researchers has audited protocols across EVM, SVM and other major blockchain platforms, safeguarding over $100 billion in user funds. 
